From c1d87b282349cbf768d66787a444da61e117aa99 Mon Sep 17 00:00:00 2001 From: didyouexpectthat Date: Sun, 8 Apr 2018 14:09:07 -0700 Subject: [PATCH 001/140] Change `william.cage` to `example` Feedback in https://github.com/serghey-rodin/vesta/issues/1530 --- web/templates/admin/add_mail_acc.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/admin/add_mail_acc.html b/web/templates/admin/add_mail_acc.html index 0f2ea2d0..43821cd9 100644 --- a/web/templates/admin/add_mail_acc.html +++ b/web/templates/admin/add_mail_acc.html @@ -158,7 +158,7 @@ : -

william.cage@

+

example@

: From 07ec81b6aedf1e487450db73d414cdeb29e0fb06 Mon Sep 17 00:00:00 2001 From: didyouexpectthat Date: Sun, 8 Apr 2018 14:11:41 -0700 Subject: [PATCH 002/140] Change `william.cage` to `example` Feedback in #1530 --- web/templates/admin/edit_mail_acc.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/templates/admin/edit_mail_acc.html b/web/templates/admin/edit_mail_acc.html index c9b7ed85..cf38065d 100644 --- a/web/templates/admin/edit_mail_acc.html +++ b/web/templates/admin/edit_mail_acc.html @@ -165,7 +165,7 @@ : -

william.cage@

+

example@

: From 9148f7c9c2accbaecf426e44eba420cac7d7036d Mon Sep 17 00:00:00 2001 From: Vadim Sitnic Date: Fri, 27 Apr 2018 11:33:13 +0300 Subject: [PATCH 003/140] set softquota=hardquota --- bin/v-update-user-quota | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-user-quota b/bin/v-update-user-quota index b0f376a2..3483bca5 100755 --- a/bin/v-update-user-quota +++ b/bin/v-update-user-quota @@ -33,7 +33,7 @@ is_object_valid 'user' 'USER' "$user" # Updating disk quota # Had quota equals package value. Soft quota equals 90% of package value for warnings. quota=$(get_user_value '$DISK_QUOTA') -soft=$(echo "$quota * 1024 * 0.90"|bc |cut -f 1 -d .) +soft=$(echo "$quota * 1024"|bc |cut -f 1 -d .) hard=$(echo "$quota * 1024"|bc |cut -f 1 -d .) # Searching home mount point From 85b3578f9cebb9b7b8196791eed8af1f20892bbe Mon Sep 17 00:00:00 2001 From: Marcos Date: Mon, 21 May 2018 03:55:05 +0200 Subject: [PATCH 004/140] Fix rebuild for some user names --- bin/v-rebuild-web-domains | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-rebuild-web-domains b/bin/v-rebuild-web-domains index d28a943d..2094d19c 100755 --- a/bin/v-rebuild-web-domains +++ b/bin/v-rebuild-web-domains @@ -37,7 +37,7 @@ is_object_unsuspended 'user' 'USER' "$user" #----------------------------------------------------------# # Deleting old web configs -sed -i "/.*\/$user\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf +sed -i "/.*\/$user\/conf\/web\//d" /etc/$WEB_SYSTEM/conf.d/vesta.conf if [ -e "$HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf" ]; then rm $HOMEDIR/$user/conf/web/$WEB_SYSTEM.conf fi @@ -47,7 +47,7 @@ fi # Deleting old proxy configs if [ ! -z "$PROXY_SYSTEM" ]; then - sed -i "/.*\/$user\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf + sed -i "/.*\/$user\/conf\/web\//d" /etc/$PROXY_SYSTEM/conf.d/vesta.conf if [ -e "$HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf" ]; then rm $HOMEDIR/$user/conf/web/$PROXY_SYSTEM.conf From 0f48ec04f0a8432979b6319f2b7451915fd08d02 Mon Sep 17 00:00:00 2001 From: Marcos Date: Mon, 21 May 2018 03:59:55 +0200 Subject: [PATCH 005/140] Do not allow {tab} on a domain name --- func/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/main.sh b/func/main.sh index e11ba6b3..be626702 100644 --- a/func/main.sh +++ b/func/main.sh @@ -532,7 +532,7 @@ is_user_format_valid() { is_domain_format_valid() { object_name=${2-domain} exclude="[!|@|#|$|^|&|*|(|)|+|=|{|}|:|,|<|>|?|_|/|\|\"|'|;|%|\`| ]" - if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]]; then + if [[ $1 =~ $exclude ]] || [[ $1 =~ ^[0-9]+$ ]] || [[ $1 =~ "\.\." ]] || [[ $1 =~ "$(printf '\t')" ]]; then check_result $E_INVALID "invalid $object_name format :: $1" fi } From a5e093da168ec4bd2f7f59649807619f420bba90 Mon Sep 17 00:00:00 2001 From: Marcos Date: Mon, 21 May 2018 04:03:26 +0200 Subject: [PATCH 006/140] Apps translation --- web/inc/i18n/es.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index d9b9f5fb..1f2c36dd 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -21,6 +21,7 @@ $LANG['es'] = array( 'Services' => 'Servicios', 'Firewall' => 'Cortafuegos', 'Updates' => 'Actualizaciones', + 'Apps' => 'Aplicaciones', 'Log in' => 'Iniciar Sesión', 'Log out' => 'Salir', From ed1ad943cf84ab70ba9bf0ba1116e9a41d3e2d3d Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 25 May 2018 17:21:03 +0200 Subject: [PATCH 007/140] Centos6 roundcube password driver typo fix --- install/rhel/6/roundcube/vesta.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/rhel/6/roundcube/vesta.php b/install/rhel/6/roundcube/vesta.php index fee26078..1e9523a5 100644 --- a/install/rhel/6/roundcube/vesta.php +++ b/install/rhel/6/roundcube/vesta.php @@ -48,7 +48,7 @@ class rcube_vesta_password $context = stream_context_create(); $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); - result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); $result = stream_context_set_option($context, 'ssl', 'verify_host', false); $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); From 04a55260cae5f2eac68931f1f9f4043351f47d7a Mon Sep 17 00:00:00 2001 From: Marcos Date: Sat, 26 May 2018 20:14:47 +0200 Subject: [PATCH 008/140] Fix delete domain --- func/domain.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/func/domain.sh b/func/domain.sh index c21a38a6..cc66aecb 100644 --- a/func/domain.sh +++ b/func/domain.sh @@ -269,7 +269,7 @@ replace_web_config() { fi } -# Delete web configuartion +# Delete web configuration del_web_config() { conf="$HOMEDIR/$user/conf/web/$domain.$1.conf" if [[ "$2" =~ stpl$ ]]; then @@ -291,7 +291,7 @@ del_web_config() { # clean-up for both config styles if there is no more domains web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) if [ "$web_domain" -eq '0' ]; then - sed -i "/.*\/$user\/.*/d" /etc/$1/conf.d/vesta.conf + sed -i "/.*\/$user\/conf\/web\//d" /etc/$1/conf.d/vesta.conf if [ -f "$conf" ]; then rm -f $conf fi From b143792750299e83e78569544dd3d62c3bfe8541 Mon Sep 17 00:00:00 2001 From: Marcos Date: Tue, 29 May 2018 20:01:29 +0200 Subject: [PATCH 009/140] Adding and removing includes when suspending/unsuspending DNS zones --- bin/v-suspend-dns-domain | 10 ++++++++++ bin/v-unsuspend-dns-domain | 14 ++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/bin/v-suspend-dns-domain b/bin/v-suspend-dns-domain index b42e2e99..bfe30f0b 100755 --- a/bin/v-suspend-dns-domain +++ b/bin/v-suspend-dns-domain @@ -41,6 +41,16 @@ is_object_unsuspended 'dns' 'DOMAIN' "$domain" # Action # #----------------------------------------------------------# +# Deleting system configs +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + if [ -e '/etc/named.conf' ]; then + dns_conf='/etc/named.conf' + else + dns_conf='/etc/bind/named.conf' + fi + + sed -i "/\/$user\/conf\/dns\/$domain.db\"/d" $dns_conf +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unsuspend-dns-domain b/bin/v-unsuspend-dns-domain index bc8de6ee..38008d2f 100755 --- a/bin/v-unsuspend-dns-domain +++ b/bin/v-unsuspend-dns-domain @@ -40,7 +40,21 @@ is_object_suspended 'dns' 'DOMAIN' "$domain" # Action # #----------------------------------------------------------# +# Creating system configs +if [[ "$DNS_SYSTEM" =~ named|bind ]]; then + if [ -e '/etc/named.conf' ]; then + dns_conf='/etc/named.conf' + dns_group='named' + else + dns_conf='/etc/bind/named.conf' + dns_group='bind' + fi + # Adding zone in named.conf + named="zone \"$domain_idn\" {type master; file" + named="$named \"$HOMEDIR/$user/conf/dns/$domain.db\";};" + echo "$named" >> $dns_conf +fi #----------------------------------------------------------# # Vesta # From b2649fd3cc47c54ba1824ecece2b2e05514dcb82 Mon Sep 17 00:00:00 2001 From: Marcos Date: Tue, 29 May 2018 23:42:58 +0200 Subject: [PATCH 010/140] Fix Adding alias DNS from web panel --- bin/v-add-dns-on-web-alias | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-add-dns-on-web-alias b/bin/v-add-dns-on-web-alias index cc587483..a6a7272c 100755 --- a/bin/v-add-dns-on-web-alias +++ b/bin/v-add-dns-on-web-alias @@ -50,12 +50,12 @@ domain_lvl=$(echo "$alias" |grep -o "\." |wc -l) # Adding second level domain if [ "$domain_lvl" -eq 1 ] || [ "${#top_domain}" -le '6' ]; then $BIN/v-add-dns-domain \ - $user $alias $ip '' '' '' '' '' $restart >> /dev/null + $user $alias $ip '' '' '' '' '' '' '' '' $restart >> /dev/null exit fi # Adding top-level domain and then its sub -$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' $restart >> /dev/null +$BIN/v-add-dns-domain $user $top_domain $ip '' '' '' '' '' $restart >> /dev/null # Checking top-level domain if [ ! -e "$USER_DATA/dns/$top_domain.conf" ]; then From 4401d706a449fe94443ea6c179fc18f43cc73183 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 31 May 2018 15:56:34 +0300 Subject: [PATCH 011/140] Amazon Linux Support --- install/vst-install-amazon.sh | 1379 +++++++++++++++++++++++++++++++++ install/vst-install.sh | 1 + 2 files changed, 1380 insertions(+) create mode 100644 install/vst-install-amazon.sh diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh new file mode 100644 index 00000000..e57b26cc --- /dev/null +++ b/install/vst-install-amazon.sh @@ -0,0 +1,1379 @@ +#!/bin/bash + +# Vesta Amazon installer v.05 + +#----------------------------------------------------------# +# Variables&Functions # +#----------------------------------------------------------# +export PATH=$PATH:/sbin +RHOST='r.vestacp.com' +CHOST='c.vestacp.com' +REPO='cmmnt' +VERSION='rhel' +VESTA='/usr/local/vesta' +memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) +arch=$(uname -i) +os='rhel' +release='6' +codename="${os}_$release" +vestacp="$VESTA/install/$VERSION/$release" + +software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded + php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt + php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql + awstats webalizer vsftpd proftpd bind bind-utils bind-libs exim dovecot + clamd spamassassin mysql mysql-server phpMyAdmin postgresql + postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients + ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois + mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban + which vesta vesta-nginx vesta-php vim-common expect vesta-ioncube + vesta-softaculous" + +# Defining help function +help() { + echo "Usage: $0 [OPTIONS] + -a, --apache Install Apache [yes|no] default: yes + -n, --nginx Install Nginx [yes|no] default: yes + -w, --phpfpm Install PHP-FPM [yes|no] default: no + -v, --vsftpd Install Vsftpd [yes|no] default: yes + -j, --proftpd Install ProFTPD [yes|no] default: no + -k, --named Install Bind [yes|no] default: yes + -m, --mysql Install MySQL [yes|no] default: yes + -g, --postgresql Install PostgreSQL [yes|no] default: no + -d, --mongodb Install MongoDB [yes|no] unsupported + -x, --exim Install Exim [yes|no] default: yes + -z, --dovecot Install Dovecot [yes|no] default: yes + -c, --clamav Install ClamAV [yes|no] default: yes + -t, --spamassassin Install SpamAssassin [yes|no] default: yes + -i, --iptables Install Iptables [yes|no] default: yes + -b, --fail2ban Install Fail2ban [yes|no] default: yes + -r, --remi Install Remi repo [yes|no] default: yes + -o, --softaculous Install Softaculous [yes|no] default: yes + -q, --quota Filesystem Quota [yes|no] default: no + -l, --lang Default language default: en + -y, --interactive Interactive install [yes|no] default: yes + -s, --hostname Set hostname + -e, --email Set admin email + -p, --password Set admin password + -f, --force Force installation + -h, --help Print this help + + Example: bash $0 -e demo@vestacp.com -p p4ssw0rd --apache no --phpfpm yes" + exit 1 +} + +# Defining password-gen function +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + LENGTH=10 + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +# Defining return code check function +check_result() { + if [ $1 -ne 0 ]; then + echo "Error: $2" + exit $1 + fi +} + +# Defining function to set default value +set_default_value() { + eval variable=\$$1 + if [ -z "$variable" ]; then + eval $1=$2 + fi + if [ "$variable" != 'yes' ] && [ "$variable" != 'no' ]; then + eval $1=$2 + fi +} + +# Define function to set default language value +set_default_lang() { + if [ -z "$lang" ]; then + eval lang=$1 + fi + lang_list=" + ar cz el fa hu ja no pt se ua + bs da en fi id ka pl ro tr vi + cn de es fr it nl pt-BR ru tw + bg ko sr th ur" + if !(echo $lang_list |grep -w $lang 1>&2>/dev/null); then + eval lang=$1 + fi +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +# Creating temporary file +tmpfile=$(mktemp -p /tmp) + +# Translating argument to --gnu-long-options +for arg; do + delim="" + case "$arg" in + --apache) args="${args}-a " ;; + --nginx) args="${args}-n " ;; + --phpfpm) args="${args}-w " ;; + --vsftpd) args="${args}-v " ;; + --proftpd) args="${args}-j " ;; + --named) args="${args}-k " ;; + --mysql) args="${args}-m " ;; + --postgresql) args="${args}-g " ;; + --mongodb) args="${args}-d " ;; + --exim) args="${args}-x " ;; + --dovecot) args="${args}-z " ;; + --clamav) args="${args}-c " ;; + --spamassassin) args="${args}-t " ;; + --iptables) args="${args}-i " ;; + --fail2ban) args="${args}-b " ;; + --remi) args="${args}-r " ;; + --softaculous) args="${args}-o " ;; + --quota) args="${args}-q " ;; + --lang) args="${args}-l " ;; + --interactive) args="${args}-y " ;; + --hostname) args="${args}-s " ;; + --email) args="${args}-e " ;; + --password) args="${args}-p " ;; + --force) args="${args}-f " ;; + --help) args="${args}-h " ;; + *) [[ "${arg:0:1}" == "-" ]] || delim="\"" + args="${args}${delim}${arg}${delim} ";; + esac +done +eval set -- "$args" + +# Parsing arguments +while getopts "a:n:w:v:j:k:m:g:d:x:z:c:t:i:b:r:o:q:l:y:s:e:p:fh" Option; do + case $Option in + a) apache=$OPTARG ;; # Apache + n) nginx=$OPTARG ;; # Nginx + w) phpfpm=$OPTARG ;; # PHP-FPM + v) vsftpd=$OPTARG ;; # Vsftpd + j) proftpd=$OPTARG ;; # Proftpd + k) named=$OPTARG ;; # Named + m) mysql=$OPTARG ;; # MySQL + g) postgresql=$OPTARG ;; # PostgreSQL + d) mongodb=$OPTARG ;; # MongoDB (unsupported) + x) exim=$OPTARG ;; # Exim + z) dovecot=$OPTARG ;; # Dovecot + c) clamd=$OPTARG ;; # ClamAV + t) spamd=$OPTARG ;; # SpamAssassin + i) iptables=$OPTARG ;; # Iptables + b) fail2ban=$OPTARG ;; # Fail2ban + r) remi=$OPTARG ;; # Remi repo + o) softaculous=$OPTARG ;; # Softaculous plugin + q) quota=$OPTARG ;; # FS Quota + l) lang=$OPTARG ;; # Language + y) interactive=$OPTARG ;; # Interactive install + s) servername=$OPTARG ;; # Hostname + e) email=$OPTARG ;; # Admin email + p) vpass=$OPTARG ;; # Admin password + f) force='yes' ;; # Force install + h) help ;; # Help + *) help ;; # Print help (default) + esac +done + +# Defining default software stack +set_default_value 'nginx' 'yes' +set_default_value 'apache' 'yes' +set_default_value 'phpfpm' 'no' +set_default_value 'vsftpd' 'yes' +set_default_value 'proftpd' 'no' +set_default_value 'named' 'yes' +set_default_value 'mysql' 'yes' +set_default_value 'postgresql' 'no' +set_default_value 'mongodb' 'no' +set_default_value 'exim' 'yes' +set_default_value 'dovecot' 'yes' +if [ $memory -lt 1500000 ]; then + set_default_value 'clamd' 'no' + set_default_value 'spamd' 'no' +else + set_default_value 'clamd' 'yes' + set_default_value 'spamd' 'yes' +fi +set_default_value 'iptables' 'yes' +set_default_value 'fail2ban' 'yes' +set_default_value 'remi' 'yes' +set_default_value 'softaculous' 'yes' +set_default_value 'quota' 'no' +set_default_value 'interactive' 'yes' +set_default_lang 'en' + +# Checking software conflicts +if [ "$phpfpm" = 'yes' ]; then + apache='no' + nginx='yes' +fi +if [ "$proftpd" = 'yes' ]; then + vsftpd='no' +fi +if [ "$exim" = 'no' ]; then + clamd='no' + spamd='no' + dovecot='no' +fi +if [ "$iptables" = 'no' ]; then + fail2ban='no' +fi + + +# Checking root permissions +if [ "x$(id -u)" != 'x0' ]; then + check_result 1 "Script can be run executed only by root" +fi + +# Checking admin user account +if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then + echo 'Please remove admin user account before proceeding.' + echo 'If you want to do it automatically run installer with -f option:' + echo -e "Example: bash $0 --force\n" + check_result 1 "User admin exists" +fi + +# Checking wget +if [ ! -e '/usr/bin/wget' ]; then + yum -y install wget + check_result $? "Can't install wget" +fi + +# Checking repository availability +wget -q "http://c.vestacp.com/GPG.txt" -O /dev/null +check_result $? "No access to Vesta repository" + +# Checking installed packages +rpm -qa > $tmpfile +for pkg in exim mysql-server httpd nginx vesta; do + if [ ! -z "$(grep $pkg $tmpfile)" ]; then + conflicts="$pkg $conflicts" + fi +done +if [ ! -z "$conflicts" ] && [ -z "$force" ]; then + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + echo 'Following packages are already installed:' + echo "$conflicts" + echo + echo 'It is highly recommended to remove them before proceeding.' + echo 'If you want to force installation run this script with -f option:' + echo "Example: bash $0 --force" + echo + echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' + echo + check_result 1 "Control Panel should be installed on clean server." +fi + + +#----------------------------------------------------------# +# Brief Info # +#----------------------------------------------------------# + +# Printing nice ascii as logo +clear +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _| _|_|_| _|_| _| _|_|_|_|' +echo ' _| _| _| _| _| _| _|' +echo ' _| _|_|_|_| _|_|_| _| _| _|' +echo +echo ' Vesta Control Panel' +echo -e "\n\n" + +echo 'Following software will be installed on your system:' + +# Web stack +if [ "$nginx" = 'yes' ]; then + echo ' - Nginx Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo ' - Apache Web Server' +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo ' - Apache Web Server (as backend)' +fi +if [ "$phpfpm" = 'yes' ]; then + echo ' - PHP-FPM Application Server' +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo ' - Bind DNS Server' +fi + +# Mail Stack +if [ "$exim" = 'yes' ]; then + echo -n ' - Exim mail server' + if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then + echo -n ' + ' + if [ "$clamd" = 'yes' ]; then + echo -n 'Antivirus ' + fi + if [ "$spamd" = 'yes' ]; then + echo -n 'Antispam' + fi + fi + echo + if [ "$dovecot" = 'yes' ]; then + echo ' - Dovecot POP3/IMAP Server' + fi +fi + +# DB stack +if [ "$mysql" = 'yes' ]; then + if [ $release = 7 ]; then + echo ' - MariaDB Database Server' + else + echo ' - MySQL Database Server' + fi +fi +if [ "$postgresql" = 'yes' ]; then + echo ' - PostgreSQL Database Server' +fi +if [ "$mongodb" = 'yes' ]; then + echo ' - MongoDB Database Server' +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo ' - Vsftpd FTP Server' +fi +if [ "$proftpd" = 'yes' ]; then + echo ' - ProFTPD FTP Server' +fi + +# Softaculous +if [ "$softaculous" = 'yes' ]; then + echo ' - Softaculous Plugin' +fi + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo -n ' - Iptables Firewall' +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo -n ' + Fail2Ban' +fi +echo -e "\n\n" + +# Asking for confirmation to proceed +if [ "$interactive" = 'yes' ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi + + # Asking for contact email + if [ -z "$email" ]; then + read -p 'Please enter admin email address: ' email + fi + + # Asking to set FQDN hostname + if [ -z "$servername" ]; then + read -p "Please enter FQDN hostname [$(hostname)]: " servername + fi +fi + +# Generating admin password if it wasn't set +if [ -z "$vpass" ]; then + vpass=$(gen_pass) +fi + +# Set hostname if it wasn't set +if [ -z "$servername" ]; then + servername=$(hostname -f) +fi + +# Set FQDN if it wasn't set +mask1='(([[:alnum:]](-?[[:alnum:]])*)\.)' +mask2='*[[:alnum:]](-?[[:alnum:]])+\.[[:alnum:]]{2,}' +if ! [[ "$servername" =~ ^${mask1}${mask2}$ ]]; then + if [ ! -z "$servername" ]; then + servername="$servername.example.com" + else + servername="example.com" + fi + echo "127.0.0.1 $servername" >> /etc/hosts +fi + +# Set email if it wasn't set +if [ -z "$email" ]; then + email="admin@$servername" +fi + +# Defining backup directory +vst_backups="/root/vst_install_backups/$(date +%s)" +echo "Installation backup directory: $vst_backups" + +# Printing start message and sleeping for 5 seconds +echo -e "\n\n\n\nInstallation will take about 15 minutes ...\n" +sleep 5 + + +#----------------------------------------------------------# +# Checking swap # +#----------------------------------------------------------# + +# Checking swap on small instances +if [ -z "$(swapon -s)" ] && [ $memory -lt 1000000 ]; then + fallocate -l 1G /swapfile + chmod 600 /swapfile + mkswap /swapfile + swapon /swapfile + echo "/swapfile none swap sw 0 0" >> /etc/fstab +fi + + +#----------------------------------------------------------# +# Install repositories # +#----------------------------------------------------------# + +# Updating system packages +yum -y update +check_result $? 'yum update failed' + +# Enabling EPEL repository +sed "1,10s/enabled=0/enabled=1/" -i /etc/yum.repos.d/epel.repo +yum -y update +check_result $? "Can't install EPEL repository" + +# Installing Nginx repository +nrepo="/etc/yum.repos.d/nginx.repo" +echo "[nginx]" > $nrepo +echo "name=nginx repo" >> $nrepo +echo "baseurl=http://nginx.org/packages/centos/$release/\$basearch/" >> $nrepo +echo "gpgcheck=0" >> $nrepo +echo "enabled=1" >> $nrepo + +# Installing Vesta repository +vrepo='/etc/yum.repos.d/vesta.repo' +echo "[vesta]" > $vrepo +echo "name=Vesta - $REPO" >> $vrepo +echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo +echo "enabled=1" >> $vrepo +echo "gpgcheck=1" >> $vrepo +echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo +wget http://c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA + + +#----------------------------------------------------------# +# Backup # +#----------------------------------------------------------# + +# Creating backup directory tree +mkdir -p $vst_backups +cd $vst_backups +mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ + spamassassin mysql postgresql mongodb vesta + +# Backing up Nginx configuration +service nginx stop > /dev/null 2>&1 +cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 + +# Backing up Apache configuration +service httpd stop > /dev/null 2>&1 +cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 + +# Backing up PHP configuration +service php-fpm stop >/dev/null 2>&1 +cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 +cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 +cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 +mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 + +# Backing up Bind configuration +yum remove bind-chroot > /dev/null 2>&1 +service named stop > /dev/null 2>&1 +cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 + +# Backing up Vsftpd configuration +service vsftpd stop > /dev/null 2>&1 +cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 + +# Backing up ProFTPD configuration +service proftpd stop > /dev/null 2>&1 +cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 + +# Backing up Exim configuration +service exim stop > /dev/null 2>&1 +cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 + +# Backing up ClamAV configuration +service clamd stop > /dev/null 2>&1 +cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 +cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 + +# Backing up SpamAssassin configuration +service spamassassin stop > /dev/null 2>&1 +cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 + +# Backing up Dovecot configuration +service dovecot stop > /dev/null 2>&1 +cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 +cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service mysql stop > /dev/null 2>&1 +service mysqld stop > /dev/null 2>&1 +service mariadb stop > /dev/null 2>&1 +mv /var/lib/mysql $vst_backups/mysql/mysql_datadir >/dev/null 2>&1 +cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 +cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 +mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 + +# Backing up MySQL/MariaDB configuration and data +service postgresql stop > /dev/null 2>&1 +mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 + +# Backing up Vesta configuration and data +service vesta stop > /dev/null 2>&1 +mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 +mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 + + +#----------------------------------------------------------# +# Package Exludes # +#----------------------------------------------------------# + +# Excluding packages +if [ "$nginx" = 'no' ]; then + software=$(echo "$software" | sed -e "s/^nginx//") +fi +if [ "$apache" = 'no' ]; then + software=$(echo "$software" | sed -e "s/httpd//") + software=$(echo "$software" | sed -e "s/mod_ssl//") + software=$(echo "$software" | sed -e "s/mod_fcgid//") + software=$(echo "$software" | sed -e "s/mod_ruid2//") +fi +if [ "$phpfpm" = 'no' ]; then + software=$(echo "$software" | sed -e "s/php-fpm//") +fi +if [ "$vsftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/vsftpd//") +fi +if [ "$proftpd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/proftpd//") +fi +if [ "$named" = 'no' ]; then + software=$(echo "$software" | sed -e "s/bind //") +fi +if [ "$exim" = 'no' ]; then + software=$(echo "$software" | sed -e "s/exim//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") + software=$(echo "$software" | sed -e "s/spamassassin//") + software=$(echo "$software" | sed -e "s/dovecot//") + software=$(echo "$software" | sed -e "s/roundcubemail//") +fi +if [ "$clamd" = 'no' ]; then + software=$(echo "$software" | sed -e "s/clamd//") + software=$(echo "$software" | sed -e "s/clamav-server//") + software=$(echo "$software" | sed -e "s/clamav-update//") +fi +if [ "$spamd" = 'no' ]; then + software=$(echo "$software" | sed -e 's/spamassassin//') +fi +if [ "$dovecot" = 'no' ]; then + software=$(echo "$software" | sed -e "s/dovecot//") +fi +if [ "$mysql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/mysql //') + software=$(echo "$software" | sed -e 's/mysql-server//') + software=$(echo "$software" | sed -e 's/mariadb //') + software=$(echo "$software" | sed -e 's/mariadb-server//') + software=$(echo "$software" | sed -e 's/php-mysql//') + software=$(echo "$software" | sed -e 's/phpMyAdmin//') + software=$(echo "$software" | sed -e 's/roundcubemail//') +fi +if [ "$postgresql" = 'no' ]; then + software=$(echo "$software" | sed -e 's/postgresql //') + software=$(echo "$software" | sed -e 's/postgresql-server//') + software=$(echo "$software" | sed -e 's/postgresql-contrib//') + software=$(echo "$software" | sed -e 's/php-pgsql//') + software=$(echo "$software" | sed -e 's/phpPgAdmin//') +fi +if [ "$softaculous" = 'no' ]; then + software=$(echo "$software" | sed -e 's/vesta-softaculous//') +fi +if [ "$iptables" = 'no' ] || [ "$fail2ban" = 'no' ]; then + software=$(echo "$software" | sed -e 's/fail2ban//') +fi + + +#----------------------------------------------------------# +# Install packages # +#----------------------------------------------------------# + +# Installing rpm packages +yum -y install $software +check_result $? "yum install failed" + +# Installing roundcube +if [ "$exim" != 'no' ]; then + yum -y install --exclude=php-pear-Auth-SASL-0:1.0.4-1.2.amzn1.noarch \ + --exclude=php5\* --exclude=httpd24\* roundcubemail + check_result $? "yum install failed" +fi + + +#----------------------------------------------------------# +# Configure system # +#----------------------------------------------------------# + +# Restarting rsyslog +service rsyslog restart > /dev/null 2>&1 + +# Checking ipv6 on loopback interface +check_lo_ipv6=$(/sbin/ip addr | grep 'inet6') +check_rc_ipv6=$(grep 'scope global dev lo' /etc/rc.local) +if [ ! -z "$check_lo_ipv6)" ] && [ -z "$check_rc_ipv6" ]; then + ip addr add ::2/128 scope global dev lo + echo "# Vesta: Workraround for openssl validation func" >> /etc/rc.local + echo "ip addr add ::2/128 scope global dev lo" >> /etc/rc.local + chmod a+x /etc/rc.local +fi + +# Disabling SELinux +if [ -e '/etc/sysconfig/selinux' ]; then + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux + sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + setenforce 0 2>/dev/null +fi + +# Disable iptables +service iptables stop + +# Configuring NTP synchronization +echo '#!/bin/sh' > /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +chmod 775 /etc/cron.daily/ntpdate +ntpdate -s pool.ntp.org + +# Disabling webalizer routine +rm -f /etc/cron.daily/00webalizer + +# Adding backup user +adduser backup 2>/dev/null +ln -sf /home/backup /backup +chmod a+x /backup + +# Chaning default directory color +echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile + +# Changing default systemd interval +if [ "$release" -eq '7' ]; then + # Hi Lennart + echo "DefaultStartLimitInterval=1s" >> /etc/systemd/system.conf + echo "DefaultStartLimitBurst=60" >> /etc/systemd/system.conf + systemctl daemon-reexec +fi + + +#----------------------------------------------------------# +# Configure VESTA # +#----------------------------------------------------------# + +# Downlading sudo configuration +mkdir -p /etc/sudoers.d +cp -f $vestacp/sudo/admin /etc/sudoers.d/ +chmod 440 /etc/sudoers.d/admin + +# Configuring system env +echo "export VESTA='$VESTA'" > /etc/profile.d/vesta.sh +chmod 755 /etc/profile.d/vesta.sh +source /etc/profile.d/vesta.sh +echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile +echo 'export PATH' >> /root/.bash_profile +source /root/.bash_profile + +# Configuring logrotate for vesta logs +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ + +# Buidling directory tree and creating some blank files for vesta +mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ + $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ + $VESTA/data/sessions +touch $VESTA/data/queue/backup.pipe $VESTA/data/queue/disk.pipe \ + $VESTA/data/queue/webstats.pipe $VESTA/data/queue/restart.pipe \ + $VESTA/data/queue/traffic.pipe $VESTA/log/system.log \ + $VESTA/log/nginx-error.log $VESTA/log/auth.log +chmod 750 $VESTA/conf $VESTA/data/users $VESTA/data/ips $VESTA/log +chmod -R 750 $VESTA/data/queue +chmod 660 $VESTA/log/* +rm -f /var/log/vesta +ln -s $VESTA/log /var/log/vesta +chmod 770 $VESTA/data/sessions + +# Generating vesta configuration +rm -f $VESTA/conf/vesta.conf 2>/dev/null +touch $VESTA/conf/vesta.conf +chmod 660 $VESTA/conf/vesta.conf + +# WEB stack +if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'yes' ] && [ "$nginx" = 'yes' ] ; then + echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf + echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='8080'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='8443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='mod_ssl'" >> $VESTA/conf/vesta.conf + echo "PROXY_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "PROXY_PORT='80'" >> $VESTA/conf/vesta.conf + echo "PROXY_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi +if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then + echo "WEB_SYSTEM='nginx'" >> $VESTA/conf/vesta.conf + echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf + echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf + if [ "$phpfpm" = 'yes' ]; then + echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf + fi + echo "STATS_SYSTEM='webalizer,awstats'" >> $VESTA/conf/vesta.conf +fi + +# FTP stack +if [ "$vsftpd" = 'yes' ]; then + echo "FTP_SYSTEM='vsftpd'" >> $VESTA/conf/vesta.conf +fi +if [ "$proftpd" = 'yes' ]; then + echo "FTP_SYSTEM='proftpd'" >> $VESTA/conf/vesta.conf +fi + +# DNS stack +if [ "$named" = 'yes' ]; then + echo "DNS_SYSTEM='named'" >> $VESTA/conf/vesta.conf +fi + +# Mail stack +if [ "$exim" = 'yes' ]; then + echo "MAIL_SYSTEM='exim'" >> $VESTA/conf/vesta.conf + if [ "$clamd" = 'yes' ]; then + echo "ANTIVIRUS_SYSTEM='clamav'" >> $VESTA/conf/vesta.conf + fi + if [ "$spamd" = 'yes' ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + fi + if [ "$dovecot" = 'yes' ]; then + echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf + fi +fi + +# CRON daemon +echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf + +# Firewall stack +if [ "$iptables" = 'yes' ]; then + echo "FIREWALL_SYSTEM='iptables'" >> $VESTA/conf/vesta.conf +fi +if [ "$iptables" = 'yes' ] && [ "$fail2ban" = 'yes' ]; then + echo "FIREWALL_EXTENSION='fail2ban'" >> $VESTA/conf/vesta.conf +fi + +# Disk quota +if [ "$quota" = 'yes' ]; then + echo "DISK_QUOTA='yes'" >> $VESTA/conf/vesta.conf +fi + +# Backups +echo "BACKUP_SYSTEM='local'" >> $VESTA/conf/vesta.conf + +# Language +echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf + +# Version +echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf + +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ + +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ + +# Copying index.html to default documentroot +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/html/ +sed -i 's/%domain%/It worked!/g' /var/www/html/index.html + +# Installing firewall rules +chkconfig firewalld off >/dev/null 2>&1 +cp -rf $vestacp/firewall $VESTA/data/ + +# Configuring server hostname +$VESTA/bin/v-change-sys-hostname $servername 2>/dev/null + +# Generating SSL certificate +$VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ + 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + +# Parsing certificate file +crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) +key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) +key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) + +# Adding SSL certificate +cd $VESTA/ssl +sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt +sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key +chown root:mail $VESTA/ssl/* +chmod 660 $VESTA/ssl/* +chmod u+s /usr/bin/find +rm /tmp/vst.pem + + +#----------------------------------------------------------# +# Configure Nginx # +#----------------------------------------------------------# + +if [ "$nginx" = 'yes' ]; then + rm -f /etc/nginx/conf.d/*.conf + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ + echo > /etc/nginx/conf.d/vesta.conf + mkdir -p /var/log/nginx/domains + if [ "$release" -eq 7 ]; then + mkdir /etc/systemd/system/nginx.service.d + cd /etc/systemd/system/nginx.service.d + echo "[Service]" > limits.conf + echo "LimitNOFILE=500000" >> limits.conf + fi + chkconfig nginx on + service nginx start + check_result $? "nginx start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 3 && service nginx restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure Apache # +#----------------------------------------------------------# + +if [ "$apache" = 'yes' ]; then + cp -f $vestacp/httpd/httpd.conf /etc/httpd/conf/ + cp -f $vestacp/httpd/status.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ + cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ + if [ $release -ne 7 ]; then + echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract*.conf + echo > /etc/httpd/conf.d/proxy_ajp.conf + fi + if [ -e "conf.modules.d/00-dav.conf" ]; then + cd /etc/httpd/conf.modules.d + sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf + fi + echo > /etc/httpd/conf.d/vesta.conf + cd /var/log/httpd + touch access_log error_log suexec.log + chmod 640 access_log error_log suexec.log + chmod -f 777 /var/lib/php/session + chmod a+x /var/log/httpd + mkdir -p /var/log/httpd/domains + chmod 751 /var/log/httpd/domains + if [ "$release" -eq 7 ]; then + mkdir /etc/systemd/system/httpd.service.d + cd /etc/systemd/system/httpd.service.d + echo "[Service]" > limits.conf + echo "LimitNOFILE=500000" >> limits.conf + fi + chkconfig httpd on + service httpd start + check_result $? "httpd start failed" + + # Workaround for OpenVZ/Virtuozzo + if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + echo "#Vesta: workraround for networkmanager" >> /etc/rc.local + echo "sleep 2 && service httpd restart" >> /etc/rc.local + fi +fi + + +#----------------------------------------------------------# +# Configure PHP-FPM # +#----------------------------------------------------------# + +if [ "$phpfpm" = 'yes' ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php-fpm.d/ + chkconfig php-fpm on + service php-fpm start + check_result $? "php-fpm start failed" +fi + + +#----------------------------------------------------------# +# Configure PHP # +#----------------------------------------------------------# + +ZONE=$(timedatectl 2>/dev/null|grep Timezone|awk '{print $2}') +if [ -e '/etc/sysconfig/clock' ]; then + source /etc/sysconfig/clock +fi +if [ -z "$ZONE" ]; then + ZONE='UTC' +fi +for pconf in $(find /etc/php* -name php.ini); do + sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf +done + + +#----------------------------------------------------------# +# Configure VSFTPD # +#----------------------------------------------------------# + +if [ "$vsftpd" = 'yes' ]; then + cp -f $vestacp/vsftpd/vsftpd.conf /etc/vsftpd/ + chkconfig vsftpd on + service vsftpd start + check_result $? "vsftpd start failed" + + # To be deleted after release 0.9.8-18 + echo "/sbin/nologin" >> /etc/shells +fi + + +#----------------------------------------------------------# +# Configure ProFTPD # +#----------------------------------------------------------# + +if [ "$proftpd" = 'yes' ]; then + cp -f $vestacp/proftpd/proftpd.conf /etc/ + chkconfig proftpd on + service proftpd start + check_result $? "proftpd start failed" +fi + + +#----------------------------------------------------------# +# Configure MySQL/MariaDB # +#----------------------------------------------------------# + +if [ "$mysql" = 'yes' ]; then + + mycnf="my-small.cnf" + if [ $memory -gt 1200000 ]; then + mycnf="my-medium.cnf" + fi + if [ $memory -gt 3900000 ]; then + mycnf="my-large.cnf" + fi + + mkdir -p /var/lib/mysql + chown mysql:mysql /var/lib/mysql + mkdir -p /etc/my.cnf.d + + if [ $release -ne 7 ]; then + service='mysqld' + else + service='mariadb' + fi + + cp -f $vestacp/$service/$mycnf /etc/ + chkconfig $service on + service $service start + if [ "$?" -ne 0 ]; then + if [ -e "/proc/user_beancounters" ]; then + # Fix for aio on OpenVZ + sed -i "s/#innodb_use_native/innodb_use_native/g" /etc/my.cnf + fi + service $service start + check_result $? "$service start failed" + fi + + # Securing MySQL installation + mysqladmin -u root password $vpass + echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + chmod 600 /root/.my.cnf + mysql -e "DELETE FROM mysql.user WHERE User=''" + mysql -e "DROP DATABASE test" >/dev/null 2>&1 + mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" + mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "FLUSH PRIVILEGES" + + # Configuring phpMyAdmin + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php + sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php +fi + + +#----------------------------------------------------------# +# Configure PostgreSQL # +#----------------------------------------------------------# + +if [ "$postgresql" = 'yes' ]; then + if [ $release = 5 ]; then + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + service postgresql stop + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ + service postgresql start + else + service postgresql initdb + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ + service postgresql start + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + fi + # Configuring phpPgAdmin + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phpPgAdmin.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phpPgAdmin/ +fi + + +#----------------------------------------------------------# +# Configure Bind # +#----------------------------------------------------------# + +if [ "$named" = 'yes' ]; then + cp -f $vestacp/named/named.conf /etc/ + chown root:named /etc/named.conf + chmod 640 /etc/named.conf + chkconfig named on + service named start + check_result $? "named start failed" +fi + + +#----------------------------------------------------------# +# Configure Exim # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ]; then + gpasswd -a exim mail + cp -f $vestacp/exim/exim.conf /etc/exim/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim/ + touch /etc/exim/white-blocks.conf + + if [ "$spamd" = 'yes' ]; then + sed -i "s/#SPAM/SPAM/g" /etc/exim/exim.conf + fi + if [ "$clamd" = 'yes' ]; then + sed -i "s/#CLAMD/CLAMD/g" /etc/exim/exim.conf + fi + + chmod 640 /etc/exim/exim.conf + rm -rf /etc/exim/domains + mkdir -p /etc/exim/domains + + rm -f /etc/alternatives/mta + ln -s /usr/sbin/sendmail.exim /etc/alternatives/mta + chkconfig sendmail off 2>/dev/null + service sendmail stop 2>/dev/null + chkconfig postfix off 2>/dev/null + service postfix stop 2>/dev/null + + chkconfig exim on + service exim start + check_result $? "exim start failed" +fi + + +#----------------------------------------------------------# +# Configure Dovecot # +#----------------------------------------------------------# + +if [ "$dovecot" = 'yes' ]; then + gpasswd -a dovecot mail + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ + chown -R root:root /etc/dovecot* + chkconfig dovecot on + service dovecot start + check_result $? "dovecot start failed" +fi + + +#----------------------------------------------------------# +# Configure ClamAV # +#----------------------------------------------------------# + +if [ "$clamd" = 'yes' ]; then + useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null + gpasswd -a clam exim + gpasswd -a clam mail + cp -f $vestacp/clamav/clamd.conf /etc/ + cp -f $vestacp/clamav/freshclam.conf /etc/ + mkdir -p /var/log/clamav + mkdir -p /var/run/clamav + chown clam:clam /var/log/clamav /var/run/clamav + chown -R clam:clam /var/lib/clamav + if [ "$release" -eq '7' ]; then + cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ + systemctl --system daemon-reload + fi + /usr/bin/freshclam + if [ "$release" -eq '7' ]; then + sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service + systemctl daemon-reload + fi + chkconfig clamd on + service clamd start + #check_result $? "clamd start failed" +fi + + +#----------------------------------------------------------# +# Configure SpamAssassin # +#----------------------------------------------------------# + +if [ "$spamd" = 'yes' ]; then + chkconfig spamassassin on + service spamassassin start + check_result $? "spamassassin start failed" + if [ "$release" -eq '7' ]; then + groupadd -g 1001 spamd + useradd -u 1001 -g spamd -s /sbin/nologin -d \ + /var/lib/spamassassin spamd + mkdir /var/lib/spamassassin + chown spamd:spamd /var/lib/spamassassin + fi +fi + + +#----------------------------------------------------------# +# Configure RoundCube # +#----------------------------------------------------------# + +if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/roundcube/roundcubemail.conf /etc/httpd/conf.d/ + fi + cp -f $vestacp/roundcube/main.inc.php /etc/roundcubemail/config.inc.php + cd /usr/share/roundcubemail/plugins/password + cp -f $vestacp/roundcube/vesta.php drivers/vesta.php + cp -f $vestacp/roundcube/config.inc.php config.inc.php + sed -i "s/localhost/$servername/g" config.inc.php + chmod a+r /etc/roundcubemail/* + chmod -f 777 /var/log/roundcubemail + r="$(gen_pass)" + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* TO + roundcube@localhost IDENTIFIED BY '$r'" + sed -i "s/%password%/$r/g" /etc/roundcubemail/config.inc.php + chmod 640 /etc/roundcubemail/config.inc.php + chown root:apache /etc/roundcubemail/config.inc.php + if [ -e "/usr/share/roundcubemail/SQL/mysql.initial.sql" ]; then + mysql roundcube < /usr/share/roundcubemail/SQL/mysql.initial.sql + else + mysql roundcube < /usr/share/doc/roundcubemail-*/SQL/mysql.initial.sql + fi +fi + + +#----------------------------------------------------------# +# Configure Fail2Ban # +#----------------------------------------------------------# + +if [ "$fail2ban" = 'yes' ]; then + cp -rf $vestacp/fail2ban /etc/ + if [ "$dovecot" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$exim" = 'no' ]; then + fline=$(cat /etc/fail2ban/jail.local |grep -n exim-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local + fi + if [ "$vsftpd" = 'yes' ]; then + #Create vsftpd Log File + if [ ! -f "/var/log/vsftpd.log" ]; then + touch /var/log/vsftpd.log + fi + fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local + fi + chkconfig fail2ban on + /bin/mkdir -p /var/run/fail2ban + if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then + exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' + sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ + /usr/lib/systemd/system/fail2ban.service + systemctl daemon-reload + fi + service fail2ban start + check_result $? "fail2ban start failed" +fi + + +#----------------------------------------------------------# +# Configure Admin User # +#----------------------------------------------------------# + +# Deleting old admin user +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then + chattr -i /home/admin/conf > /dev/null 2>&1 + userdel -f admin >/dev/null 2>&1 + chattr -i /home/admin/conf >/dev/null 2>&1 + mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 + rm -f /tmp/sess_* >/dev/null 2>&1 +fi +if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then + groupdel admin > /dev/null 2>&1 +fi + +# Adding vesta account +$VESTA/bin/v-add-user admin $vpass $email default System Administrator +check_result $? "can't create admin user" +$VESTA/bin/v-change-user-shell admin bash +$VESTA/bin/v-change-user-language admin $lang + +# Configuring system ips +$VESTA/bin/v-update-sys-ip + +# Get main ip +ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) + +# Firewall configuration +if [ "$iptables" = 'yes' ]; then + $VESTA/bin/v-update-firewall +fi + +# Get public ip +pub_ip=$(curl -s vestacp.com/what-is-my-ip/) +if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local + $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip + ip=$pub_ip +fi + +# Configuring mysql host +if [ "$mysql" = 'yes' ]; then + $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database admin default default $(gen_pass) mysql +fi + +# Configuring pgsql host +if [ "$postgresql" = 'yes' ]; then + $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql +fi + +# Adding default domain +$VESTA/bin/v-add-domain admin $servername +check_result $? "can't create $servername domain" + +command="sudo $VESTA/bin/v-update-sys-queue disk" +$VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue traffic" +$VESTA/bin/v-add-cron-job 'admin' '10' '00' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue webstats" +$VESTA/bin/v-add-cron-job 'admin' '30' '03' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-queue backup" +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-backup-users" +$VESTA/bin/v-add-cron-job 'admin' '10' '05' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-user-stats" +$VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" +command="sudo $VESTA/bin/v-update-sys-rrd" +$VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" +service crond restart + +# Building initial rrd images +$VESTA/bin/v-update-sys-rrd + +# Enabling file system quota +if [ "$quota" = 'yes' ]; then + $VESTA/bin/v-add-sys-quota +fi + +# Enabling softaculous plugin +if [ "$softaculous" = 'yes' ]; then + $VESTA/bin/v-add-vesta-softaculous +fi + +# Starting vesta service +chkconfig vesta on +service vesta start +check_result $? "vesta start failed" +chown admin:admin $VESTA/data/sessions + +# Adding notifications +$VESTA/upd/add_notifications.sh + +# Adding cronjob for autoupdates +$VESTA/bin/v-add-cron-vesta-autoupdate + + +#----------------------------------------------------------# +# Vesta Access Info # +#----------------------------------------------------------# + +# Sending install notification to vestacp.com +wget vestacp.com/notify/?$codename -O /dev/null -q + +# Comparing hostname and ip +host_ip=$(host $servername |head -n 1 |awk '{print $NF}') +if [ "$host_ip" = "$ip" ]; then + ip="$servername" +fi + +# Sending notification to admin email +echo -e "Congratulations, you have just successfully installed \ +Vesta Control Panel + + https://$ip:8083 + username: admin + password: $vpass + +We hope that you enjoy your installation of Vesta. Please \ +feel free to contact us anytime if you have any questions. +Thank you. + +-- +Sincerely yours +vestacp.com team +" > $tmpfile + +send_mail="$VESTA/web/inc/mail-wrapper.php" +cat $tmpfile | $send_mail -s "Vesta Control Panel" $email + +# Congrats +echo '=======================================================' +echo +echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _| _|_|_| _|_| _| _|_|_|_| ' +echo ' _| _| _| _| _| _| _| ' +echo ' _| _|_|_|_| _|_|_| _| _| _| ' +echo +echo +cat $tmpfile +rm -f $tmpfile + +# EOF diff --git a/install/vst-install.sh b/install/vst-install.sh index 5589db79..40dd5025 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -41,6 +41,7 @@ fi case $(head -n1 /etc/issue | cut -f 1 -d ' ') in Debian) type="debian" ;; Ubuntu) type="ubuntu" ;; + Amazon) type="amazon" ;; *) type="rhel" ;; esac From 4a3cec1290f59de2e2360b5018d59a8c3257c47c Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 31 May 2018 16:01:46 +0300 Subject: [PATCH 012/140] default configs for ubuntu releases --- install/ubuntu/17.04/apache2/apache2.conf | 94 ++ install/ubuntu/17.04/apache2/status.conf | 8 + install/ubuntu/17.04/bind/named.conf | 12 + install/ubuntu/17.04/clamav/clamd.conf | 61 ++ install/ubuntu/17.04/deb_signing.key | 30 + .../ubuntu/17.04/dovecot/conf.d/10-auth.conf | 4 + .../17.04/dovecot/conf.d/10-logging.conf | 1 + .../ubuntu/17.04/dovecot/conf.d/10-mail.conf | 4 + .../17.04/dovecot/conf.d/10-master.conf | 29 + .../ubuntu/17.04/dovecot/conf.d/10-ssl.conf | 5 + .../ubuntu/17.04/dovecot/conf.d/20-imap.conf | 58 ++ .../ubuntu/17.04/dovecot/conf.d/20-pop3.conf | 91 ++ .../dovecot/conf.d/auth-passwdfile.conf.ext | 9 + install/ubuntu/17.04/dovecot/dovecot.conf | 24 + install/ubuntu/17.04/exim/dnsbl.conf | 2 + install/ubuntu/17.04/exim/exim4.conf.template | 382 ++++++++ install/ubuntu/17.04/exim/spam-blocks.conf | 0 .../ubuntu/17.04/fail2ban/action.d/vesta.conf | 9 + .../ubuntu/17.04/fail2ban/filter.d/vesta.conf | 10 + install/ubuntu/17.04/fail2ban/jail.local | 51 ++ install/ubuntu/17.04/firewall/ports.conf | 17 + install/ubuntu/17.04/firewall/rules.conf | 11 + install/ubuntu/17.04/logrotate/apache2 | 19 + install/ubuntu/17.04/logrotate/dovecot | 12 + install/ubuntu/17.04/logrotate/nginx | 13 + install/ubuntu/17.04/logrotate/vesta | 7 + install/ubuntu/17.04/mysql/my-large.cnf | 41 + install/ubuntu/17.04/mysql/my-medium.cnf | 40 + install/ubuntu/17.04/mysql/my-small.cnf | 40 + install/ubuntu/17.04/nginx/nginx.conf | 136 +++ install/ubuntu/17.04/nginx/phpmyadmin.inc | 18 + install/ubuntu/17.04/nginx/phppgadmin.inc | 11 + install/ubuntu/17.04/nginx/status.conf | 9 + install/ubuntu/17.04/nginx/webmail.inc | 15 + install/ubuntu/17.04/packages/default.pkg | 18 + install/ubuntu/17.04/packages/gainsboro.pkg | 18 + install/ubuntu/17.04/packages/palegreen.pkg | 18 + install/ubuntu/17.04/packages/slategrey.pkg | 18 + install/ubuntu/17.04/pga/config.inc.php | 159 ++++ install/ubuntu/17.04/pga/phppgadmin.conf | 31 + install/ubuntu/17.04/php-fpm/www.conf | 11 + install/ubuntu/17.04/pma/apache.conf | 42 + install/ubuntu/17.04/pma/config.inc.php | 146 +++ install/ubuntu/17.04/postgresql/pg_hba.conf | 11 + install/ubuntu/17.04/proftpd/proftpd.conf | 32 + install/ubuntu/17.04/roundcube/apache.conf | 40 + install/ubuntu/17.04/roundcube/config.inc.php | 33 + install/ubuntu/17.04/roundcube/db.inc.php | 66 ++ install/ubuntu/17.04/roundcube/main.inc.php | 850 ++++++++++++++++++ install/ubuntu/17.04/roundcube/vesta.php | 71 ++ install/ubuntu/17.04/sudo/admin | 8 + .../ubuntu/17.04/templates/dns/child-ns.tpl | 14 + .../ubuntu/17.04/templates/dns/default.tpl | 18 + install/ubuntu/17.04/templates/dns/gmail.tpl | 12 + .../17.04/templates/web/apache2/basedir.stpl | 44 + .../17.04/templates/web/apache2/basedir.tpl | 38 + .../17.04/templates/web/apache2/default.stpl | 43 + .../17.04/templates/web/apache2/default.tpl | 37 + .../17.04/templates/web/apache2/hosting.stpl | 49 + .../17.04/templates/web/apache2/hosting.tpl | 43 + .../17.04/templates/web/apache2/phpcgi.sh | 16 + .../17.04/templates/web/apache2/phpcgi.stpl | 38 + .../17.04/templates/web/apache2/phpcgi.tpl | 31 + .../17.04/templates/web/apache2/phpfcgid.sh | 22 + .../17.04/templates/web/apache2/phpfcgid.stpl | 39 + .../17.04/templates/web/apache2/phpfcgid.tpl | 31 + .../17.04/templates/web/awstats/awstats.tpl | 133 +++ .../17.04/templates/web/awstats/index.tpl | 10 + .../17.04/templates/web/awstats/nav.tpl | 23 + .../17.04/templates/web/nginx/caching.sh | 19 + .../17.04/templates/web/nginx/caching.stpl | 44 + .../17.04/templates/web/nginx/caching.tpl | 41 + .../17.04/templates/web/nginx/default.stpl | 36 + .../17.04/templates/web/nginx/default.tpl | 33 + .../17.04/templates/web/nginx/hosting.sh | 11 + .../17.04/templates/web/nginx/hosting.stpl | 38 + .../17.04/templates/web/nginx/hosting.tpl | 35 + .../17.04/templates/web/nginx/http2.stpl | 36 + .../17.04/templates/web/nginx/http2.tpl | 33 + .../web/nginx/php-fpm/cms_made_simple.stpl | 56 ++ .../web/nginx/php-fpm/cms_made_simple.tpl | 52 ++ .../web/nginx/php-fpm/codeigniter2.stpl | 61 ++ .../web/nginx/php-fpm/codeigniter2.tpl | 57 ++ .../web/nginx/php-fpm/codeigniter3.stpl | 56 ++ .../web/nginx/php-fpm/codeigniter3.tpl | 52 ++ .../web/nginx/php-fpm/datalife_engine.stpl | 127 +++ .../web/nginx/php-fpm/datalife_engine.tpl | 123 +++ .../templates/web/nginx/php-fpm/default.stpl | 55 ++ .../templates/web/nginx/php-fpm/default.tpl | 51 ++ .../templates/web/nginx/php-fpm/dokuwiki.stpl | 72 ++ .../templates/web/nginx/php-fpm/dokuwiki.tpl | 67 ++ .../templates/web/nginx/php-fpm/drupal6.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal6.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal7.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal7.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal8.stpl | 102 +++ .../templates/web/nginx/php-fpm/drupal8.tpl | 99 ++ .../templates/web/nginx/php-fpm/joomla.stpl | 63 ++ .../templates/web/nginx/php-fpm/joomla.tpl | 59 ++ .../templates/web/nginx/php-fpm/laravel.stpl | 56 ++ .../templates/web/nginx/php-fpm/laravel.tpl | 50 ++ .../templates/web/nginx/php-fpm/magento.stpl | 198 ++++ .../templates/web/nginx/php-fpm/magento.tpl | 194 ++++ .../templates/web/nginx/php-fpm/modx.stpl | 69 ++ .../templates/web/nginx/php-fpm/modx.tpl | 65 ++ .../templates/web/nginx/php-fpm/moodle.stpl | 90 ++ .../templates/web/nginx/php-fpm/moodle.tpl | 87 ++ .../templates/web/nginx/php-fpm/no-php.stpl | 47 + .../templates/web/nginx/php-fpm/no-php.tpl | 43 + .../templates/web/nginx/php-fpm/odoo.stpl | 70 ++ .../templates/web/nginx/php-fpm/odoo.tpl | 66 ++ .../templates/web/nginx/php-fpm/opencart.stpl | 59 ++ .../templates/web/nginx/php-fpm/opencart.tpl | 54 ++ .../templates/web/nginx/php-fpm/owncloud.stpl | 85 ++ .../templates/web/nginx/php-fpm/owncloud.tpl | 81 ++ .../templates/web/nginx/php-fpm/piwik.stpl | 73 ++ .../templates/web/nginx/php-fpm/piwik.tpl | 69 ++ .../templates/web/nginx/php-fpm/pyrocms.stpl | 66 ++ .../templates/web/nginx/php-fpm/pyrocms.tpl | 62 ++ .../templates/web/nginx/php-fpm/sendy.stpl | 88 ++ .../templates/web/nginx/php-fpm/sendy.tpl | 86 ++ .../web/nginx/php-fpm/wordpress.stpl | 55 ++ .../templates/web/nginx/php-fpm/wordpress.tpl | 51 ++ .../web/nginx/php-fpm/wordpress2.stpl | 67 ++ .../web/nginx/php-fpm/wordpress2.tpl | 63 ++ .../web/nginx/php-fpm/wordpress2_rewrite.stpl | 72 ++ .../web/nginx/php-fpm/wordpress2_rewrite.tpl | 67 ++ .../17.04/templates/web/nginx/proxy_ip.tpl | 9 + .../17.04/templates/web/php-fpm/default.tpl | 21 + .../17.04/templates/web/php-fpm/no-php.tpl | 20 + .../17.04/templates/web/php-fpm/socket.tpl | 24 + .../web/skel/document_errors/403.html | 29 + .../web/skel/document_errors/404.html | 28 + .../web/skel/document_errors/50x.html | 29 + .../templates/web/skel/public_html/index.html | 26 + .../templates/web/skel/public_html/robots.txt | 3 + .../web/skel/public_shtml/index.html | 26 + .../web/skel/public_shtml/robots.txt | 3 + .../17.04/templates/web/suspend/.htaccess | 2 + .../17.04/templates/web/suspend/index.html | 25 + .../templates/web/webalizer/webalizer.tpl | 110 +++ install/ubuntu/17.04/vsftpd/vsftpd.conf | 27 + install/ubuntu/17.10/apache2/apache2.conf | 94 ++ install/ubuntu/17.10/apache2/status.conf | 8 + install/ubuntu/17.10/bind/named.conf | 12 + install/ubuntu/17.10/clamav/clamd.conf | 61 ++ install/ubuntu/17.10/deb_signing.key | 30 + .../ubuntu/17.10/dovecot/conf.d/10-auth.conf | 4 + .../17.10/dovecot/conf.d/10-logging.conf | 1 + .../ubuntu/17.10/dovecot/conf.d/10-mail.conf | 4 + .../17.10/dovecot/conf.d/10-master.conf | 29 + .../ubuntu/17.10/dovecot/conf.d/10-ssl.conf | 5 + .../ubuntu/17.10/dovecot/conf.d/20-imap.conf | 58 ++ .../ubuntu/17.10/dovecot/conf.d/20-pop3.conf | 91 ++ .../dovecot/conf.d/auth-passwdfile.conf.ext | 9 + install/ubuntu/17.10/dovecot/dovecot.conf | 24 + install/ubuntu/17.10/exim/dnsbl.conf | 2 + install/ubuntu/17.10/exim/exim4.conf.template | 382 ++++++++ install/ubuntu/17.10/exim/spam-blocks.conf | 0 .../ubuntu/17.10/fail2ban/action.d/vesta.conf | 9 + .../ubuntu/17.10/fail2ban/filter.d/vesta.conf | 10 + install/ubuntu/17.10/fail2ban/jail.local | 51 ++ install/ubuntu/17.10/firewall/ports.conf | 17 + install/ubuntu/17.10/firewall/rules.conf | 11 + install/ubuntu/17.10/logrotate/apache2 | 19 + install/ubuntu/17.10/logrotate/dovecot | 12 + install/ubuntu/17.10/logrotate/nginx | 13 + install/ubuntu/17.10/logrotate/vesta | 7 + install/ubuntu/17.10/mysql/my-large.cnf | 41 + install/ubuntu/17.10/mysql/my-medium.cnf | 40 + install/ubuntu/17.10/mysql/my-small.cnf | 40 + install/ubuntu/17.10/nginx/nginx.conf | 136 +++ install/ubuntu/17.10/nginx/phpmyadmin.inc | 18 + install/ubuntu/17.10/nginx/phppgadmin.inc | 11 + install/ubuntu/17.10/nginx/status.conf | 9 + install/ubuntu/17.10/nginx/webmail.inc | 15 + install/ubuntu/17.10/packages/default.pkg | 18 + install/ubuntu/17.10/packages/gainsboro.pkg | 18 + install/ubuntu/17.10/packages/palegreen.pkg | 18 + install/ubuntu/17.10/packages/slategrey.pkg | 18 + install/ubuntu/17.10/pga/config.inc.php | 159 ++++ install/ubuntu/17.10/pga/phppgadmin.conf | 31 + install/ubuntu/17.10/php-fpm/www.conf | 11 + install/ubuntu/17.10/pma/apache.conf | 42 + install/ubuntu/17.10/pma/config.inc.php | 146 +++ install/ubuntu/17.10/postgresql/pg_hba.conf | 11 + install/ubuntu/17.10/proftpd/proftpd.conf | 32 + install/ubuntu/17.10/roundcube/apache.conf | 40 + install/ubuntu/17.10/roundcube/config.inc.php | 33 + install/ubuntu/17.10/roundcube/db.inc.php | 66 ++ install/ubuntu/17.10/roundcube/main.inc.php | 850 ++++++++++++++++++ install/ubuntu/17.10/roundcube/vesta.php | 71 ++ install/ubuntu/17.10/sudo/admin | 8 + .../ubuntu/17.10/templates/dns/child-ns.tpl | 14 + .../ubuntu/17.10/templates/dns/default.tpl | 18 + install/ubuntu/17.10/templates/dns/gmail.tpl | 12 + .../17.10/templates/web/apache2/basedir.stpl | 44 + .../17.10/templates/web/apache2/basedir.tpl | 38 + .../17.10/templates/web/apache2/default.stpl | 43 + .../17.10/templates/web/apache2/default.tpl | 37 + .../17.10/templates/web/apache2/hosting.stpl | 49 + .../17.10/templates/web/apache2/hosting.tpl | 43 + .../17.10/templates/web/apache2/phpcgi.sh | 16 + .../17.10/templates/web/apache2/phpcgi.stpl | 38 + .../17.10/templates/web/apache2/phpcgi.tpl | 31 + .../17.10/templates/web/apache2/phpfcgid.sh | 22 + .../17.10/templates/web/apache2/phpfcgid.stpl | 39 + .../17.10/templates/web/apache2/phpfcgid.tpl | 31 + .../17.10/templates/web/awstats/awstats.tpl | 133 +++ .../17.10/templates/web/awstats/index.tpl | 10 + .../17.10/templates/web/awstats/nav.tpl | 23 + .../17.10/templates/web/nginx/caching.sh | 19 + .../17.10/templates/web/nginx/caching.stpl | 44 + .../17.10/templates/web/nginx/caching.tpl | 41 + .../17.10/templates/web/nginx/default.stpl | 36 + .../17.10/templates/web/nginx/default.tpl | 33 + .../17.10/templates/web/nginx/hosting.sh | 11 + .../17.10/templates/web/nginx/hosting.stpl | 38 + .../17.10/templates/web/nginx/hosting.tpl | 35 + .../17.10/templates/web/nginx/http2.stpl | 36 + .../17.10/templates/web/nginx/http2.tpl | 33 + .../web/nginx/php-fpm/cms_made_simple.stpl | 56 ++ .../web/nginx/php-fpm/cms_made_simple.tpl | 52 ++ .../web/nginx/php-fpm/codeigniter2.stpl | 61 ++ .../web/nginx/php-fpm/codeigniter2.tpl | 57 ++ .../web/nginx/php-fpm/codeigniter3.stpl | 56 ++ .../web/nginx/php-fpm/codeigniter3.tpl | 52 ++ .../web/nginx/php-fpm/datalife_engine.stpl | 127 +++ .../web/nginx/php-fpm/datalife_engine.tpl | 123 +++ .../templates/web/nginx/php-fpm/default.stpl | 55 ++ .../templates/web/nginx/php-fpm/default.tpl | 51 ++ .../templates/web/nginx/php-fpm/dokuwiki.stpl | 72 ++ .../templates/web/nginx/php-fpm/dokuwiki.tpl | 67 ++ .../templates/web/nginx/php-fpm/drupal6.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal6.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal7.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal7.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal8.stpl | 102 +++ .../templates/web/nginx/php-fpm/drupal8.tpl | 99 ++ .../templates/web/nginx/php-fpm/joomla.stpl | 63 ++ .../templates/web/nginx/php-fpm/joomla.tpl | 59 ++ .../templates/web/nginx/php-fpm/laravel.stpl | 56 ++ .../templates/web/nginx/php-fpm/laravel.tpl | 50 ++ .../templates/web/nginx/php-fpm/magento.stpl | 198 ++++ .../templates/web/nginx/php-fpm/magento.tpl | 194 ++++ .../templates/web/nginx/php-fpm/modx.stpl | 69 ++ .../templates/web/nginx/php-fpm/modx.tpl | 65 ++ .../templates/web/nginx/php-fpm/moodle.stpl | 90 ++ .../templates/web/nginx/php-fpm/moodle.tpl | 87 ++ .../templates/web/nginx/php-fpm/no-php.stpl | 47 + .../templates/web/nginx/php-fpm/no-php.tpl | 43 + .../templates/web/nginx/php-fpm/odoo.stpl | 70 ++ .../templates/web/nginx/php-fpm/odoo.tpl | 66 ++ .../templates/web/nginx/php-fpm/opencart.stpl | 59 ++ .../templates/web/nginx/php-fpm/opencart.tpl | 54 ++ .../templates/web/nginx/php-fpm/owncloud.stpl | 85 ++ .../templates/web/nginx/php-fpm/owncloud.tpl | 81 ++ .../templates/web/nginx/php-fpm/piwik.stpl | 73 ++ .../templates/web/nginx/php-fpm/piwik.tpl | 69 ++ .../templates/web/nginx/php-fpm/pyrocms.stpl | 66 ++ .../templates/web/nginx/php-fpm/pyrocms.tpl | 62 ++ .../templates/web/nginx/php-fpm/sendy.stpl | 88 ++ .../templates/web/nginx/php-fpm/sendy.tpl | 86 ++ .../web/nginx/php-fpm/wordpress.stpl | 55 ++ .../templates/web/nginx/php-fpm/wordpress.tpl | 51 ++ .../web/nginx/php-fpm/wordpress2.stpl | 67 ++ .../web/nginx/php-fpm/wordpress2.tpl | 63 ++ .../web/nginx/php-fpm/wordpress2_rewrite.stpl | 72 ++ .../web/nginx/php-fpm/wordpress2_rewrite.tpl | 67 ++ .../17.10/templates/web/nginx/proxy_ip.tpl | 9 + .../17.10/templates/web/php-fpm/default.tpl | 21 + .../17.10/templates/web/php-fpm/no-php.tpl | 20 + .../17.10/templates/web/php-fpm/socket.tpl | 24 + .../web/skel/document_errors/403.html | 29 + .../web/skel/document_errors/404.html | 28 + .../web/skel/document_errors/50x.html | 29 + .../templates/web/skel/public_html/index.html | 26 + .../templates/web/skel/public_html/robots.txt | 3 + .../web/skel/public_shtml/index.html | 26 + .../web/skel/public_shtml/robots.txt | 3 + .../17.10/templates/web/suspend/.htaccess | 2 + .../17.10/templates/web/suspend/index.html | 25 + .../templates/web/webalizer/webalizer.tpl | 110 +++ install/ubuntu/17.10/vsftpd/vsftpd.conf | 27 + install/ubuntu/18.04/apache2/apache2.conf | 94 ++ install/ubuntu/18.04/apache2/status.conf | 8 + install/ubuntu/18.04/bind/named.conf | 12 + install/ubuntu/18.04/clamav/clamd.conf | 61 ++ install/ubuntu/18.04/deb_signing.key | 30 + .../ubuntu/18.04/dovecot/conf.d/10-auth.conf | 4 + .../18.04/dovecot/conf.d/10-logging.conf | 1 + .../ubuntu/18.04/dovecot/conf.d/10-mail.conf | 4 + .../18.04/dovecot/conf.d/10-master.conf | 29 + .../ubuntu/18.04/dovecot/conf.d/10-ssl.conf | 5 + .../ubuntu/18.04/dovecot/conf.d/20-imap.conf | 58 ++ .../ubuntu/18.04/dovecot/conf.d/20-pop3.conf | 91 ++ .../dovecot/conf.d/auth-passwdfile.conf.ext | 9 + install/ubuntu/18.04/dovecot/dovecot.conf | 24 + install/ubuntu/18.04/exim/dnsbl.conf | 2 + install/ubuntu/18.04/exim/exim4.conf.template | 382 ++++++++ install/ubuntu/18.04/exim/spam-blocks.conf | 0 .../ubuntu/18.04/fail2ban/action.d/vesta.conf | 9 + .../ubuntu/18.04/fail2ban/filter.d/vesta.conf | 10 + install/ubuntu/18.04/fail2ban/jail.local | 51 ++ install/ubuntu/18.04/firewall/ports.conf | 17 + install/ubuntu/18.04/firewall/rules.conf | 11 + install/ubuntu/18.04/logrotate/apache2 | 19 + install/ubuntu/18.04/logrotate/dovecot | 12 + install/ubuntu/18.04/logrotate/nginx | 13 + install/ubuntu/18.04/logrotate/vesta | 7 + install/ubuntu/18.04/mysql/my-large.cnf | 41 + install/ubuntu/18.04/mysql/my-medium.cnf | 40 + install/ubuntu/18.04/mysql/my-small.cnf | 40 + install/ubuntu/18.04/nginx/nginx.conf | 136 +++ install/ubuntu/18.04/nginx/phpmyadmin.inc | 18 + install/ubuntu/18.04/nginx/phppgadmin.inc | 11 + install/ubuntu/18.04/nginx/status.conf | 9 + install/ubuntu/18.04/nginx/webmail.inc | 15 + install/ubuntu/18.04/packages/default.pkg | 18 + install/ubuntu/18.04/packages/gainsboro.pkg | 18 + install/ubuntu/18.04/packages/palegreen.pkg | 18 + install/ubuntu/18.04/packages/slategrey.pkg | 18 + install/ubuntu/18.04/pga/config.inc.php | 159 ++++ install/ubuntu/18.04/pga/phppgadmin.conf | 31 + install/ubuntu/18.04/php-fpm/www.conf | 11 + install/ubuntu/18.04/pma/apache.conf | 42 + install/ubuntu/18.04/pma/config.inc.php | 146 +++ install/ubuntu/18.04/postgresql/pg_hba.conf | 11 + install/ubuntu/18.04/proftpd/proftpd.conf | 32 + install/ubuntu/18.04/roundcube/apache.conf | 40 + install/ubuntu/18.04/roundcube/config.inc.php | 33 + install/ubuntu/18.04/roundcube/db.inc.php | 66 ++ install/ubuntu/18.04/roundcube/main.inc.php | 850 ++++++++++++++++++ install/ubuntu/18.04/roundcube/vesta.php | 71 ++ install/ubuntu/18.04/sudo/admin | 8 + .../ubuntu/18.04/templates/dns/child-ns.tpl | 14 + .../ubuntu/18.04/templates/dns/default.tpl | 18 + install/ubuntu/18.04/templates/dns/gmail.tpl | 12 + .../18.04/templates/web/apache2/basedir.stpl | 44 + .../18.04/templates/web/apache2/basedir.tpl | 38 + .../18.04/templates/web/apache2/default.stpl | 43 + .../18.04/templates/web/apache2/default.tpl | 37 + .../18.04/templates/web/apache2/hosting.stpl | 49 + .../18.04/templates/web/apache2/hosting.tpl | 43 + .../18.04/templates/web/apache2/phpcgi.sh | 16 + .../18.04/templates/web/apache2/phpcgi.stpl | 38 + .../18.04/templates/web/apache2/phpcgi.tpl | 31 + .../18.04/templates/web/apache2/phpfcgid.sh | 22 + .../18.04/templates/web/apache2/phpfcgid.stpl | 39 + .../18.04/templates/web/apache2/phpfcgid.tpl | 31 + .../18.04/templates/web/awstats/awstats.tpl | 133 +++ .../18.04/templates/web/awstats/index.tpl | 10 + .../18.04/templates/web/awstats/nav.tpl | 23 + .../18.04/templates/web/nginx/caching.sh | 19 + .../18.04/templates/web/nginx/caching.stpl | 44 + .../18.04/templates/web/nginx/caching.tpl | 41 + .../18.04/templates/web/nginx/default.stpl | 36 + .../18.04/templates/web/nginx/default.tpl | 33 + .../18.04/templates/web/nginx/hosting.sh | 11 + .../18.04/templates/web/nginx/hosting.stpl | 38 + .../18.04/templates/web/nginx/hosting.tpl | 35 + .../18.04/templates/web/nginx/http2.stpl | 36 + .../18.04/templates/web/nginx/http2.tpl | 33 + .../web/nginx/php-fpm/cms_made_simple.stpl | 56 ++ .../web/nginx/php-fpm/cms_made_simple.tpl | 52 ++ .../web/nginx/php-fpm/codeigniter2.stpl | 61 ++ .../web/nginx/php-fpm/codeigniter2.tpl | 57 ++ .../web/nginx/php-fpm/codeigniter3.stpl | 56 ++ .../web/nginx/php-fpm/codeigniter3.tpl | 52 ++ .../web/nginx/php-fpm/datalife_engine.stpl | 127 +++ .../web/nginx/php-fpm/datalife_engine.tpl | 123 +++ .../templates/web/nginx/php-fpm/default.stpl | 55 ++ .../templates/web/nginx/php-fpm/default.tpl | 51 ++ .../templates/web/nginx/php-fpm/dokuwiki.stpl | 72 ++ .../templates/web/nginx/php-fpm/dokuwiki.tpl | 67 ++ .../templates/web/nginx/php-fpm/drupal6.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal6.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal7.stpl | 101 +++ .../templates/web/nginx/php-fpm/drupal7.tpl | 98 ++ .../templates/web/nginx/php-fpm/drupal8.stpl | 102 +++ .../templates/web/nginx/php-fpm/drupal8.tpl | 99 ++ .../templates/web/nginx/php-fpm/joomla.stpl | 63 ++ .../templates/web/nginx/php-fpm/joomla.tpl | 59 ++ .../templates/web/nginx/php-fpm/laravel.stpl | 56 ++ .../templates/web/nginx/php-fpm/laravel.tpl | 50 ++ .../templates/web/nginx/php-fpm/magento.stpl | 198 ++++ .../templates/web/nginx/php-fpm/magento.tpl | 194 ++++ .../templates/web/nginx/php-fpm/modx.stpl | 69 ++ .../templates/web/nginx/php-fpm/modx.tpl | 65 ++ .../templates/web/nginx/php-fpm/moodle.stpl | 90 ++ .../templates/web/nginx/php-fpm/moodle.tpl | 87 ++ .../templates/web/nginx/php-fpm/no-php.stpl | 47 + .../templates/web/nginx/php-fpm/no-php.tpl | 43 + .../templates/web/nginx/php-fpm/odoo.stpl | 70 ++ .../templates/web/nginx/php-fpm/odoo.tpl | 66 ++ .../templates/web/nginx/php-fpm/opencart.stpl | 59 ++ .../templates/web/nginx/php-fpm/opencart.tpl | 54 ++ .../templates/web/nginx/php-fpm/owncloud.stpl | 85 ++ .../templates/web/nginx/php-fpm/owncloud.tpl | 81 ++ .../templates/web/nginx/php-fpm/piwik.stpl | 73 ++ .../templates/web/nginx/php-fpm/piwik.tpl | 69 ++ .../templates/web/nginx/php-fpm/pyrocms.stpl | 66 ++ .../templates/web/nginx/php-fpm/pyrocms.tpl | 62 ++ .../templates/web/nginx/php-fpm/sendy.stpl | 88 ++ .../templates/web/nginx/php-fpm/sendy.tpl | 86 ++ .../web/nginx/php-fpm/wordpress.stpl | 55 ++ .../templates/web/nginx/php-fpm/wordpress.tpl | 51 ++ .../web/nginx/php-fpm/wordpress2.stpl | 67 ++ .../web/nginx/php-fpm/wordpress2.tpl | 63 ++ .../web/nginx/php-fpm/wordpress2_rewrite.stpl | 72 ++ .../web/nginx/php-fpm/wordpress2_rewrite.tpl | 67 ++ .../18.04/templates/web/nginx/proxy_ip.tpl | 9 + .../18.04/templates/web/php-fpm/default.tpl | 21 + .../18.04/templates/web/php-fpm/no-php.tpl | 20 + .../18.04/templates/web/php-fpm/socket.tpl | 24 + .../web/skel/document_errors/403.html | 29 + .../web/skel/document_errors/404.html | 28 + .../web/skel/document_errors/50x.html | 29 + .../templates/web/skel/public_html/index.html | 26 + .../templates/web/skel/public_html/robots.txt | 3 + .../web/skel/public_shtml/index.html | 26 + .../web/skel/public_shtml/robots.txt | 3 + .../18.04/templates/web/suspend/.htaccess | 2 + .../18.04/templates/web/suspend/index.html | 25 + .../templates/web/webalizer/webalizer.tpl | 110 +++ install/ubuntu/18.04/vsftpd/vsftpd.conf | 27 + 426 files changed, 23631 insertions(+) create mode 100644 install/ubuntu/17.04/apache2/apache2.conf create mode 100644 install/ubuntu/17.04/apache2/status.conf create mode 100644 install/ubuntu/17.04/bind/named.conf create mode 100644 install/ubuntu/17.04/clamav/clamd.conf create mode 100644 install/ubuntu/17.04/deb_signing.key create mode 100644 install/ubuntu/17.04/dovecot/conf.d/10-auth.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/10-logging.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/10-mail.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/10-master.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/20-imap.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/20-pop3.conf create mode 100644 install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext create mode 100644 install/ubuntu/17.04/dovecot/dovecot.conf create mode 100644 install/ubuntu/17.04/exim/dnsbl.conf create mode 100644 install/ubuntu/17.04/exim/exim4.conf.template create mode 100644 install/ubuntu/17.04/exim/spam-blocks.conf create mode 100644 install/ubuntu/17.04/fail2ban/action.d/vesta.conf create mode 100644 install/ubuntu/17.04/fail2ban/filter.d/vesta.conf create mode 100644 install/ubuntu/17.04/fail2ban/jail.local create mode 100644 install/ubuntu/17.04/firewall/ports.conf create mode 100644 install/ubuntu/17.04/firewall/rules.conf create mode 100644 install/ubuntu/17.04/logrotate/apache2 create mode 100644 install/ubuntu/17.04/logrotate/dovecot create mode 100644 install/ubuntu/17.04/logrotate/nginx create mode 100644 install/ubuntu/17.04/logrotate/vesta create mode 100644 install/ubuntu/17.04/mysql/my-large.cnf create mode 100644 install/ubuntu/17.04/mysql/my-medium.cnf create mode 100644 install/ubuntu/17.04/mysql/my-small.cnf create mode 100644 install/ubuntu/17.04/nginx/nginx.conf create mode 100644 install/ubuntu/17.04/nginx/phpmyadmin.inc create mode 100644 install/ubuntu/17.04/nginx/phppgadmin.inc create mode 100644 install/ubuntu/17.04/nginx/status.conf create mode 100644 install/ubuntu/17.04/nginx/webmail.inc create mode 100644 install/ubuntu/17.04/packages/default.pkg create mode 100644 install/ubuntu/17.04/packages/gainsboro.pkg create mode 100644 install/ubuntu/17.04/packages/palegreen.pkg create mode 100644 install/ubuntu/17.04/packages/slategrey.pkg create mode 100644 install/ubuntu/17.04/pga/config.inc.php create mode 100644 install/ubuntu/17.04/pga/phppgadmin.conf create mode 100644 install/ubuntu/17.04/php-fpm/www.conf create mode 100644 install/ubuntu/17.04/pma/apache.conf create mode 100644 install/ubuntu/17.04/pma/config.inc.php create mode 100644 install/ubuntu/17.04/postgresql/pg_hba.conf create mode 100644 install/ubuntu/17.04/proftpd/proftpd.conf create mode 100644 install/ubuntu/17.04/roundcube/apache.conf create mode 100644 install/ubuntu/17.04/roundcube/config.inc.php create mode 100644 install/ubuntu/17.04/roundcube/db.inc.php create mode 100644 install/ubuntu/17.04/roundcube/main.inc.php create mode 100644 install/ubuntu/17.04/roundcube/vesta.php create mode 100644 install/ubuntu/17.04/sudo/admin create mode 100755 install/ubuntu/17.04/templates/dns/child-ns.tpl create mode 100755 install/ubuntu/17.04/templates/dns/default.tpl create mode 100755 install/ubuntu/17.04/templates/dns/gmail.tpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/basedir.stpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/basedir.tpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/default.stpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/default.tpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/hosting.stpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/hosting.tpl create mode 100755 install/ubuntu/17.04/templates/web/apache2/phpcgi.sh create mode 100644 install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl create mode 100755 install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh create mode 100644 install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl create mode 100644 install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl create mode 100755 install/ubuntu/17.04/templates/web/awstats/awstats.tpl create mode 100755 install/ubuntu/17.04/templates/web/awstats/index.tpl create mode 100755 install/ubuntu/17.04/templates/web/awstats/nav.tpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/caching.sh create mode 100755 install/ubuntu/17.04/templates/web/nginx/caching.stpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/caching.tpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/default.stpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/default.tpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/hosting.sh create mode 100755 install/ubuntu/17.04/templates/web/nginx/hosting.stpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/hosting.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/http2.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/http2.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl create mode 100644 install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl create mode 100755 install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl create mode 100644 install/ubuntu/17.04/templates/web/php-fpm/default.tpl create mode 100644 install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl create mode 100644 install/ubuntu/17.04/templates/web/php-fpm/socket.tpl create mode 100755 install/ubuntu/17.04/templates/web/skel/document_errors/403.html create mode 100755 install/ubuntu/17.04/templates/web/skel/document_errors/404.html create mode 100755 install/ubuntu/17.04/templates/web/skel/document_errors/50x.html create mode 100755 install/ubuntu/17.04/templates/web/skel/public_html/index.html create mode 100755 install/ubuntu/17.04/templates/web/skel/public_html/robots.txt create mode 100755 install/ubuntu/17.04/templates/web/skel/public_shtml/index.html create mode 100755 install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt create mode 100755 install/ubuntu/17.04/templates/web/suspend/.htaccess create mode 100755 install/ubuntu/17.04/templates/web/suspend/index.html create mode 100755 install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl create mode 100644 install/ubuntu/17.04/vsftpd/vsftpd.conf create mode 100644 install/ubuntu/17.10/apache2/apache2.conf create mode 100644 install/ubuntu/17.10/apache2/status.conf create mode 100644 install/ubuntu/17.10/bind/named.conf create mode 100644 install/ubuntu/17.10/clamav/clamd.conf create mode 100644 install/ubuntu/17.10/deb_signing.key create mode 100644 install/ubuntu/17.10/dovecot/conf.d/10-auth.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/10-logging.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/10-mail.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/10-master.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/20-imap.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/20-pop3.conf create mode 100644 install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext create mode 100644 install/ubuntu/17.10/dovecot/dovecot.conf create mode 100644 install/ubuntu/17.10/exim/dnsbl.conf create mode 100644 install/ubuntu/17.10/exim/exim4.conf.template create mode 100644 install/ubuntu/17.10/exim/spam-blocks.conf create mode 100644 install/ubuntu/17.10/fail2ban/action.d/vesta.conf create mode 100644 install/ubuntu/17.10/fail2ban/filter.d/vesta.conf create mode 100644 install/ubuntu/17.10/fail2ban/jail.local create mode 100644 install/ubuntu/17.10/firewall/ports.conf create mode 100644 install/ubuntu/17.10/firewall/rules.conf create mode 100644 install/ubuntu/17.10/logrotate/apache2 create mode 100644 install/ubuntu/17.10/logrotate/dovecot create mode 100644 install/ubuntu/17.10/logrotate/nginx create mode 100644 install/ubuntu/17.10/logrotate/vesta create mode 100644 install/ubuntu/17.10/mysql/my-large.cnf create mode 100644 install/ubuntu/17.10/mysql/my-medium.cnf create mode 100644 install/ubuntu/17.10/mysql/my-small.cnf create mode 100644 install/ubuntu/17.10/nginx/nginx.conf create mode 100644 install/ubuntu/17.10/nginx/phpmyadmin.inc create mode 100644 install/ubuntu/17.10/nginx/phppgadmin.inc create mode 100644 install/ubuntu/17.10/nginx/status.conf create mode 100644 install/ubuntu/17.10/nginx/webmail.inc create mode 100644 install/ubuntu/17.10/packages/default.pkg create mode 100644 install/ubuntu/17.10/packages/gainsboro.pkg create mode 100644 install/ubuntu/17.10/packages/palegreen.pkg create mode 100644 install/ubuntu/17.10/packages/slategrey.pkg create mode 100644 install/ubuntu/17.10/pga/config.inc.php create mode 100644 install/ubuntu/17.10/pga/phppgadmin.conf create mode 100644 install/ubuntu/17.10/php-fpm/www.conf create mode 100644 install/ubuntu/17.10/pma/apache.conf create mode 100644 install/ubuntu/17.10/pma/config.inc.php create mode 100644 install/ubuntu/17.10/postgresql/pg_hba.conf create mode 100644 install/ubuntu/17.10/proftpd/proftpd.conf create mode 100644 install/ubuntu/17.10/roundcube/apache.conf create mode 100644 install/ubuntu/17.10/roundcube/config.inc.php create mode 100644 install/ubuntu/17.10/roundcube/db.inc.php create mode 100644 install/ubuntu/17.10/roundcube/main.inc.php create mode 100644 install/ubuntu/17.10/roundcube/vesta.php create mode 100644 install/ubuntu/17.10/sudo/admin create mode 100755 install/ubuntu/17.10/templates/dns/child-ns.tpl create mode 100755 install/ubuntu/17.10/templates/dns/default.tpl create mode 100755 install/ubuntu/17.10/templates/dns/gmail.tpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/basedir.stpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/basedir.tpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/default.stpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/default.tpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/hosting.stpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/hosting.tpl create mode 100755 install/ubuntu/17.10/templates/web/apache2/phpcgi.sh create mode 100644 install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl create mode 100755 install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh create mode 100644 install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl create mode 100644 install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl create mode 100755 install/ubuntu/17.10/templates/web/awstats/awstats.tpl create mode 100755 install/ubuntu/17.10/templates/web/awstats/index.tpl create mode 100755 install/ubuntu/17.10/templates/web/awstats/nav.tpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/caching.sh create mode 100755 install/ubuntu/17.10/templates/web/nginx/caching.stpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/caching.tpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/default.stpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/default.tpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/hosting.sh create mode 100755 install/ubuntu/17.10/templates/web/nginx/hosting.stpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/hosting.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/http2.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/http2.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl create mode 100644 install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl create mode 100755 install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl create mode 100644 install/ubuntu/17.10/templates/web/php-fpm/default.tpl create mode 100644 install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl create mode 100644 install/ubuntu/17.10/templates/web/php-fpm/socket.tpl create mode 100755 install/ubuntu/17.10/templates/web/skel/document_errors/403.html create mode 100755 install/ubuntu/17.10/templates/web/skel/document_errors/404.html create mode 100755 install/ubuntu/17.10/templates/web/skel/document_errors/50x.html create mode 100755 install/ubuntu/17.10/templates/web/skel/public_html/index.html create mode 100755 install/ubuntu/17.10/templates/web/skel/public_html/robots.txt create mode 100755 install/ubuntu/17.10/templates/web/skel/public_shtml/index.html create mode 100755 install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt create mode 100755 install/ubuntu/17.10/templates/web/suspend/.htaccess create mode 100755 install/ubuntu/17.10/templates/web/suspend/index.html create mode 100755 install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl create mode 100644 install/ubuntu/17.10/vsftpd/vsftpd.conf create mode 100644 install/ubuntu/18.04/apache2/apache2.conf create mode 100644 install/ubuntu/18.04/apache2/status.conf create mode 100644 install/ubuntu/18.04/bind/named.conf create mode 100644 install/ubuntu/18.04/clamav/clamd.conf create mode 100644 install/ubuntu/18.04/deb_signing.key create mode 100644 install/ubuntu/18.04/dovecot/conf.d/10-auth.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/10-logging.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/10-mail.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/10-master.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/20-imap.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/20-pop3.conf create mode 100644 install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext create mode 100644 install/ubuntu/18.04/dovecot/dovecot.conf create mode 100644 install/ubuntu/18.04/exim/dnsbl.conf create mode 100644 install/ubuntu/18.04/exim/exim4.conf.template create mode 100644 install/ubuntu/18.04/exim/spam-blocks.conf create mode 100644 install/ubuntu/18.04/fail2ban/action.d/vesta.conf create mode 100644 install/ubuntu/18.04/fail2ban/filter.d/vesta.conf create mode 100644 install/ubuntu/18.04/fail2ban/jail.local create mode 100644 install/ubuntu/18.04/firewall/ports.conf create mode 100644 install/ubuntu/18.04/firewall/rules.conf create mode 100644 install/ubuntu/18.04/logrotate/apache2 create mode 100644 install/ubuntu/18.04/logrotate/dovecot create mode 100644 install/ubuntu/18.04/logrotate/nginx create mode 100644 install/ubuntu/18.04/logrotate/vesta create mode 100644 install/ubuntu/18.04/mysql/my-large.cnf create mode 100644 install/ubuntu/18.04/mysql/my-medium.cnf create mode 100644 install/ubuntu/18.04/mysql/my-small.cnf create mode 100644 install/ubuntu/18.04/nginx/nginx.conf create mode 100644 install/ubuntu/18.04/nginx/phpmyadmin.inc create mode 100644 install/ubuntu/18.04/nginx/phppgadmin.inc create mode 100644 install/ubuntu/18.04/nginx/status.conf create mode 100644 install/ubuntu/18.04/nginx/webmail.inc create mode 100644 install/ubuntu/18.04/packages/default.pkg create mode 100644 install/ubuntu/18.04/packages/gainsboro.pkg create mode 100644 install/ubuntu/18.04/packages/palegreen.pkg create mode 100644 install/ubuntu/18.04/packages/slategrey.pkg create mode 100644 install/ubuntu/18.04/pga/config.inc.php create mode 100644 install/ubuntu/18.04/pga/phppgadmin.conf create mode 100644 install/ubuntu/18.04/php-fpm/www.conf create mode 100644 install/ubuntu/18.04/pma/apache.conf create mode 100644 install/ubuntu/18.04/pma/config.inc.php create mode 100644 install/ubuntu/18.04/postgresql/pg_hba.conf create mode 100644 install/ubuntu/18.04/proftpd/proftpd.conf create mode 100644 install/ubuntu/18.04/roundcube/apache.conf create mode 100644 install/ubuntu/18.04/roundcube/config.inc.php create mode 100644 install/ubuntu/18.04/roundcube/db.inc.php create mode 100644 install/ubuntu/18.04/roundcube/main.inc.php create mode 100644 install/ubuntu/18.04/roundcube/vesta.php create mode 100644 install/ubuntu/18.04/sudo/admin create mode 100755 install/ubuntu/18.04/templates/dns/child-ns.tpl create mode 100755 install/ubuntu/18.04/templates/dns/default.tpl create mode 100755 install/ubuntu/18.04/templates/dns/gmail.tpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/basedir.stpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/basedir.tpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/default.stpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/default.tpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/hosting.stpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/hosting.tpl create mode 100755 install/ubuntu/18.04/templates/web/apache2/phpcgi.sh create mode 100644 install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl create mode 100755 install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh create mode 100644 install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl create mode 100644 install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl create mode 100755 install/ubuntu/18.04/templates/web/awstats/awstats.tpl create mode 100755 install/ubuntu/18.04/templates/web/awstats/index.tpl create mode 100755 install/ubuntu/18.04/templates/web/awstats/nav.tpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/caching.sh create mode 100755 install/ubuntu/18.04/templates/web/nginx/caching.stpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/caching.tpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/default.stpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/default.tpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/hosting.sh create mode 100755 install/ubuntu/18.04/templates/web/nginx/hosting.stpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/hosting.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/http2.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/http2.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl create mode 100644 install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl create mode 100755 install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl create mode 100644 install/ubuntu/18.04/templates/web/php-fpm/default.tpl create mode 100644 install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl create mode 100644 install/ubuntu/18.04/templates/web/php-fpm/socket.tpl create mode 100755 install/ubuntu/18.04/templates/web/skel/document_errors/403.html create mode 100755 install/ubuntu/18.04/templates/web/skel/document_errors/404.html create mode 100755 install/ubuntu/18.04/templates/web/skel/document_errors/50x.html create mode 100755 install/ubuntu/18.04/templates/web/skel/public_html/index.html create mode 100755 install/ubuntu/18.04/templates/web/skel/public_html/robots.txt create mode 100755 install/ubuntu/18.04/templates/web/skel/public_shtml/index.html create mode 100755 install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt create mode 100755 install/ubuntu/18.04/templates/web/suspend/.htaccess create mode 100755 install/ubuntu/18.04/templates/web/suspend/index.html create mode 100755 install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl create mode 100644 install/ubuntu/18.04/vsftpd/vsftpd.conf diff --git a/install/ubuntu/17.04/apache2/apache2.conf b/install/ubuntu/17.04/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/17.04/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/17.04/apache2/status.conf b/install/ubuntu/17.04/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/17.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/17.04/bind/named.conf b/install/ubuntu/17.04/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/17.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/17.04/clamav/clamd.conf b/install/ubuntu/17.04/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/17.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/17.04/deb_signing.key b/install/ubuntu/17.04/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/17.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-master.conf b/install/ubuntu/17.04/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/17.04/dovecot/dovecot.conf b/install/ubuntu/17.04/dovecot/dovecot.conf new file mode 100644 index 00000000..311a3351 --- /dev/null +++ b/install/ubuntu/17.04/dovecot/dovecot.conf @@ -0,0 +1,24 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf + +namespace { + type = private + separator = / + prefix = + inbox = yes + + mailbox Sent { + auto = subscribe + special_use = \Sent + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Trash { + auto = subscribe + special_use = \Trash + } +} diff --git a/install/ubuntu/17.04/exim/dnsbl.conf b/install/ubuntu/17.04/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/17.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/17.04/exim/exim4.conf.template b/install/ubuntu/17.04/exim/exim4.conf.template new file mode 100644 index 00000000..fc346486 --- /dev/null +++ b/install/ubuntu/17.04/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/17.04/exim/spam-blocks.conf b/install/ubuntu/17.04/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/17.04/fail2ban/action.d/vesta.conf b/install/ubuntu/17.04/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/17.04/fail2ban/jail.local b/install/ubuntu/17.04/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/17.04/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/17.04/firewall/ports.conf b/install/ubuntu/17.04/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/17.04/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/17.04/firewall/rules.conf b/install/ubuntu/17.04/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/17.04/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/17.04/logrotate/apache2 b/install/ubuntu/17.04/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/17.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/17.04/logrotate/dovecot b/install/ubuntu/17.04/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/17.04/logrotate/nginx b/install/ubuntu/17.04/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/17.04/logrotate/vesta b/install/ubuntu/17.04/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/17.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/17.04/mysql/my-large.cnf b/install/ubuntu/17.04/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/mysql/my-medium.cnf b/install/ubuntu/17.04/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/mysql/my-small.cnf b/install/ubuntu/17.04/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/17.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.04/nginx/nginx.conf b/install/ubuntu/17.04/nginx/nginx.conf new file mode 100644 index 00000000..e7256de7 --- /dev/null +++ b/install/ubuntu/17.04/nginx/nginx.conf @@ -0,0 +1,136 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/17.04/nginx/phpmyadmin.inc b/install/ubuntu/17.04/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/17.04/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/17.04/nginx/phppgadmin.inc b/install/ubuntu/17.04/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/17.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.04/nginx/status.conf b/install/ubuntu/17.04/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/17.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/17.04/nginx/webmail.inc b/install/ubuntu/17.04/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/17.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.04/packages/default.pkg b/install/ubuntu/17.04/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/17.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/gainsboro.pkg b/install/ubuntu/17.04/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/17.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/palegreen.pkg b/install/ubuntu/17.04/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/17.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/packages/slategrey.pkg b/install/ubuntu/17.04/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/17.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.04/pga/config.inc.php b/install/ubuntu/17.04/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/17.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/17.04/pga/phppgadmin.conf b/install/ubuntu/17.04/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/17.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/17.04/php-fpm/www.conf b/install/ubuntu/17.04/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/17.04/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/17.04/pma/apache.conf b/install/ubuntu/17.04/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/17.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/17.04/pma/config.inc.php b/install/ubuntu/17.04/pma/config.inc.php new file mode 100644 index 00000000..a643a065 --- /dev/null +++ b/install/ubuntu/17.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/17.04/roundcube/apache.conf b/install/ubuntu/17.04/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/17.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/17.04/roundcube/config.inc.php b/install/ubuntu/17.04/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/17.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/17.04/roundcube/main.inc.php b/install/ubuntu/17.04/roundcube/main.inc.php new file mode 100644 index 00000000..44b19793 --- /dev/null +++ b/install/ubuntu/17.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/17.04/roundcube/vesta.php b/install/ubuntu/17.04/roundcube/vesta.php new file mode 100644 index 00000000..99e1d4bc --- /dev/null +++ b/install/ubuntu/17.04/roundcube/vesta.php @@ -0,0 +1,71 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/17.04/sudo/admin b/install/ubuntu/17.04/sudo/admin new file mode 100644 index 00000000..4226bdd4 --- /dev/null +++ b/install/ubuntu/17.04/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.04/templates/dns/child-ns.tpl b/install/ubuntu/17.04/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/dns/default.tpl b/install/ubuntu/17.04/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/dns/gmail.tpl b/install/ubuntu/17.04/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/17.04/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.04/templates/web/apache2/basedir.stpl b/install/ubuntu/17.04/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/basedir.tpl b/install/ubuntu/17.04/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/default.stpl b/install/ubuntu/17.04/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/default.tpl b/install/ubuntu/17.04/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/hosting.stpl b/install/ubuntu/17.04/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/hosting.tpl b/install/ubuntu/17.04/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.04/templates/web/awstats/awstats.tpl b/install/ubuntu/17.04/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/17.04/templates/web/awstats/index.tpl b/install/ubuntu/17.04/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/17.04/templates/web/awstats/nav.tpl b/install/ubuntu/17.04/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +

+

+ + diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.sh b/install/ubuntu/17.04/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.stpl b/install/ubuntu/17.04/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..5e0e4064 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.tpl b/install/ubuntu/17.04/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/default.stpl b/install/ubuntu/17.04/templates/web/nginx/default.stpl new file mode 100755 index 00000000..fa538060 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/default.tpl b/install/ubuntu/17.04/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.sh b/install/ubuntu/17.04/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..d778d633 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.tpl b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.stpl b/install/ubuntu/17.04/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..76dd2f8e --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/http2.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port% http2; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.tpl b/install/ubuntu/17.04/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..c1fec114 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..d85bcce3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..9c24c3ea --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..d7186314 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..4f0b9ec7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,127 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..f85032ba --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..91a70936 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..ac32dcd9 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..3b9dabf5 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..1b979475 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..50d85b68 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,102 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..71b538bf --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,99 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..704405f3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..477f6f01 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..fdab43aa --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,198 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..f410ab77 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..f15a68c5 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..bc8b53a3 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..d6697d7a --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..908b9aeb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..891566b9 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..78c1bb78 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..5ffc9ed5 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..e0aeb524 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..0d933b30 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/17.04/templates/web/php-fpm/default.tpl b/install/ubuntu/17.04/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl b/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl b/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/403.html b/install/ubuntu/17.04/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

+ +

403

+

Forbidden

+

+ Unfortunately, you do not have permission to view this +

+ + + diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/404.html b/install/ubuntu/17.04/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

+

404

+

Page Not Found

+

+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +

+ + diff --git a/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

+ +

500

+

Internal Server Error

+

+ Sorry, something went wrong :( +

+ + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_html/index.html b/install/ubuntu/17.04/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.04/templates/web/suspend/.htaccess b/install/ubuntu/17.04/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/17.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/17.04/templates/web/suspend/index.html b/install/ubuntu/17.04/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/17.04/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+

+ Please contact the technical support department. +

+ + diff --git a/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/17.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/17.04/vsftpd/vsftpd.conf b/install/ubuntu/17.04/vsftpd/vsftpd.conf new file mode 100644 index 00000000..034b016d --- /dev/null +++ b/install/ubuntu/17.04/vsftpd/vsftpd.conf @@ -0,0 +1,27 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES diff --git a/install/ubuntu/17.10/apache2/apache2.conf b/install/ubuntu/17.10/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/17.10/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/17.10/apache2/status.conf b/install/ubuntu/17.10/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/17.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/17.10/bind/named.conf b/install/ubuntu/17.10/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/17.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/17.10/clamav/clamd.conf b/install/ubuntu/17.10/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/17.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/17.10/deb_signing.key b/install/ubuntu/17.10/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/17.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-master.conf b/install/ubuntu/17.10/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/17.10/dovecot/dovecot.conf b/install/ubuntu/17.10/dovecot/dovecot.conf new file mode 100644 index 00000000..311a3351 --- /dev/null +++ b/install/ubuntu/17.10/dovecot/dovecot.conf @@ -0,0 +1,24 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf + +namespace { + type = private + separator = / + prefix = + inbox = yes + + mailbox Sent { + auto = subscribe + special_use = \Sent + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Trash { + auto = subscribe + special_use = \Trash + } +} diff --git a/install/ubuntu/17.10/exim/dnsbl.conf b/install/ubuntu/17.10/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/17.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/17.10/exim/exim4.conf.template b/install/ubuntu/17.10/exim/exim4.conf.template new file mode 100644 index 00000000..fc346486 --- /dev/null +++ b/install/ubuntu/17.10/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/17.10/exim/spam-blocks.conf b/install/ubuntu/17.10/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/17.10/fail2ban/action.d/vesta.conf b/install/ubuntu/17.10/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/17.10/fail2ban/jail.local b/install/ubuntu/17.10/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/17.10/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/17.10/firewall/ports.conf b/install/ubuntu/17.10/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/17.10/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/17.10/firewall/rules.conf b/install/ubuntu/17.10/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/17.10/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/17.10/logrotate/apache2 b/install/ubuntu/17.10/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/17.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/17.10/logrotate/dovecot b/install/ubuntu/17.10/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/17.10/logrotate/nginx b/install/ubuntu/17.10/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/17.10/logrotate/vesta b/install/ubuntu/17.10/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/17.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/17.10/mysql/my-large.cnf b/install/ubuntu/17.10/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/mysql/my-medium.cnf b/install/ubuntu/17.10/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/mysql/my-small.cnf b/install/ubuntu/17.10/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/17.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/17.10/nginx/nginx.conf b/install/ubuntu/17.10/nginx/nginx.conf new file mode 100644 index 00000000..e7256de7 --- /dev/null +++ b/install/ubuntu/17.10/nginx/nginx.conf @@ -0,0 +1,136 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/17.10/nginx/phpmyadmin.inc b/install/ubuntu/17.10/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/17.10/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/17.10/nginx/phppgadmin.inc b/install/ubuntu/17.10/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/17.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.10/nginx/status.conf b/install/ubuntu/17.10/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/17.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/17.10/nginx/webmail.inc b/install/ubuntu/17.10/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/17.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/17.10/packages/default.pkg b/install/ubuntu/17.10/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/17.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/gainsboro.pkg b/install/ubuntu/17.10/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/17.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/palegreen.pkg b/install/ubuntu/17.10/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/17.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/packages/slategrey.pkg b/install/ubuntu/17.10/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/17.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/17.10/pga/config.inc.php b/install/ubuntu/17.10/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/17.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/17.10/pga/phppgadmin.conf b/install/ubuntu/17.10/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/17.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/17.10/php-fpm/www.conf b/install/ubuntu/17.10/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/17.10/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/17.10/pma/apache.conf b/install/ubuntu/17.10/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/17.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/17.10/pma/config.inc.php b/install/ubuntu/17.10/pma/config.inc.php new file mode 100644 index 00000000..a643a065 --- /dev/null +++ b/install/ubuntu/17.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/17.10/roundcube/apache.conf b/install/ubuntu/17.10/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/17.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/17.10/roundcube/config.inc.php b/install/ubuntu/17.10/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/17.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/17.10/roundcube/main.inc.php b/install/ubuntu/17.10/roundcube/main.inc.php new file mode 100644 index 00000000..44b19793 --- /dev/null +++ b/install/ubuntu/17.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/17.10/roundcube/vesta.php b/install/ubuntu/17.10/roundcube/vesta.php new file mode 100644 index 00000000..99e1d4bc --- /dev/null +++ b/install/ubuntu/17.10/roundcube/vesta.php @@ -0,0 +1,71 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/17.10/sudo/admin b/install/ubuntu/17.10/sudo/admin new file mode 100644 index 00000000..4226bdd4 --- /dev/null +++ b/install/ubuntu/17.10/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.10/templates/dns/child-ns.tpl b/install/ubuntu/17.10/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/dns/default.tpl b/install/ubuntu/17.10/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/dns/gmail.tpl b/install/ubuntu/17.10/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/17.10/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/17.10/templates/web/apache2/basedir.stpl b/install/ubuntu/17.10/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/basedir.tpl b/install/ubuntu/17.10/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/default.stpl b/install/ubuntu/17.10/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/default.tpl b/install/ubuntu/17.10/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/hosting.stpl b/install/ubuntu/17.10/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/hosting.tpl b/install/ubuntu/17.10/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/17.10/templates/web/awstats/awstats.tpl b/install/ubuntu/17.10/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/17.10/templates/web/awstats/index.tpl b/install/ubuntu/17.10/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/17.10/templates/web/awstats/nav.tpl b/install/ubuntu/17.10/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +

+

+ + diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.sh b/install/ubuntu/17.10/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.stpl b/install/ubuntu/17.10/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..5e0e4064 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.tpl b/install/ubuntu/17.10/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/default.stpl b/install/ubuntu/17.10/templates/web/nginx/default.stpl new file mode 100755 index 00000000..fa538060 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/default.tpl b/install/ubuntu/17.10/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.sh b/install/ubuntu/17.10/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..d778d633 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.tpl b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.stpl b/install/ubuntu/17.10/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..76dd2f8e --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/http2.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port% http2; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.tpl b/install/ubuntu/17.10/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..c1fec114 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..d85bcce3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..9c24c3ea --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..d7186314 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..4f0b9ec7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,127 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..f85032ba --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..91a70936 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..ac32dcd9 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..3b9dabf5 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..1b979475 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..50d85b68 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,102 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..71b538bf --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,99 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..704405f3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..477f6f01 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..fdab43aa --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,198 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..f410ab77 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..f15a68c5 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..bc8b53a3 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..d6697d7a --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..908b9aeb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..891566b9 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..78c1bb78 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..5ffc9ed5 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..e0aeb524 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..0d933b30 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/17.10/templates/web/php-fpm/default.tpl b/install/ubuntu/17.10/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl b/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl b/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/403.html b/install/ubuntu/17.10/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

+ +

403

+

Forbidden

+

+ Unfortunately, you do not have permission to view this +

+ + + diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/404.html b/install/ubuntu/17.10/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

+

404

+

Page Not Found

+

+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +

+ + diff --git a/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

+ +

500

+

Internal Server Error

+

+ Sorry, something went wrong :( +

+ + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_html/index.html b/install/ubuntu/17.10/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/17.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/17.10/templates/web/suspend/.htaccess b/install/ubuntu/17.10/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/17.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/17.10/templates/web/suspend/index.html b/install/ubuntu/17.10/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/17.10/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+

+ Please contact the technical support department. +

+ + diff --git a/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/17.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/17.10/vsftpd/vsftpd.conf b/install/ubuntu/17.10/vsftpd/vsftpd.conf new file mode 100644 index 00000000..034b016d --- /dev/null +++ b/install/ubuntu/17.10/vsftpd/vsftpd.conf @@ -0,0 +1,27 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES diff --git a/install/ubuntu/18.04/apache2/apache2.conf b/install/ubuntu/18.04/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/18.04/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/18.04/apache2/status.conf b/install/ubuntu/18.04/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/18.04/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/18.04/bind/named.conf b/install/ubuntu/18.04/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/18.04/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/18.04/clamav/clamd.conf b/install/ubuntu/18.04/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/18.04/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/18.04/deb_signing.key b/install/ubuntu/18.04/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/18.04/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf b/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf b/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-master.conf b/install/ubuntu/18.04/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf b/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/18.04/dovecot/dovecot.conf b/install/ubuntu/18.04/dovecot/dovecot.conf new file mode 100644 index 00000000..311a3351 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/dovecot.conf @@ -0,0 +1,24 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf + +namespace { + type = private + separator = / + prefix = + inbox = yes + + mailbox Sent { + auto = subscribe + special_use = \Sent + } + mailbox Drafts { + auto = subscribe + special_use = \Drafts + } + mailbox Trash { + auto = subscribe + special_use = \Trash + } +} diff --git a/install/ubuntu/18.04/exim/dnsbl.conf b/install/ubuntu/18.04/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/18.04/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/18.04/exim/exim4.conf.template b/install/ubuntu/18.04/exim/exim4.conf.template new file mode 100644 index 00000000..fc346486 --- /dev/null +++ b/install/ubuntu/18.04/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/18.04/exim/spam-blocks.conf b/install/ubuntu/18.04/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/18.04/fail2ban/action.d/vesta.conf b/install/ubuntu/18.04/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf b/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/18.04/fail2ban/jail.local b/install/ubuntu/18.04/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/18.04/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/18.04/firewall/ports.conf b/install/ubuntu/18.04/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/18.04/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/18.04/firewall/rules.conf b/install/ubuntu/18.04/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/18.04/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/18.04/logrotate/apache2 b/install/ubuntu/18.04/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/18.04/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/18.04/logrotate/dovecot b/install/ubuntu/18.04/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/18.04/logrotate/nginx b/install/ubuntu/18.04/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/18.04/logrotate/vesta b/install/ubuntu/18.04/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/18.04/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/18.04/mysql/my-large.cnf b/install/ubuntu/18.04/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/mysql/my-medium.cnf b/install/ubuntu/18.04/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/mysql/my-small.cnf b/install/ubuntu/18.04/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/18.04/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf new file mode 100644 index 00000000..e7256de7 --- /dev/null +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -0,0 +1,136 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/18.04/nginx/phpmyadmin.inc b/install/ubuntu/18.04/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/18.04/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/18.04/nginx/phppgadmin.inc b/install/ubuntu/18.04/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/18.04/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.04/nginx/status.conf b/install/ubuntu/18.04/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/18.04/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/18.04/nginx/webmail.inc b/install/ubuntu/18.04/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/18.04/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.04/packages/default.pkg b/install/ubuntu/18.04/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/18.04/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/gainsboro.pkg b/install/ubuntu/18.04/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/18.04/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/palegreen.pkg b/install/ubuntu/18.04/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/18.04/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/packages/slategrey.pkg b/install/ubuntu/18.04/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/18.04/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.04/pga/config.inc.php b/install/ubuntu/18.04/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/18.04/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/18.04/pga/phppgadmin.conf b/install/ubuntu/18.04/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/18.04/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/18.04/php-fpm/www.conf b/install/ubuntu/18.04/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/18.04/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/18.04/pma/apache.conf b/install/ubuntu/18.04/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/18.04/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/18.04/pma/config.inc.php b/install/ubuntu/18.04/pma/config.inc.php new file mode 100644 index 00000000..a643a065 --- /dev/null +++ b/install/ubuntu/18.04/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/18.04/roundcube/apache.conf b/install/ubuntu/18.04/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/18.04/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/18.04/roundcube/config.inc.php b/install/ubuntu/18.04/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/18.04/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/18.04/roundcube/main.inc.php b/install/ubuntu/18.04/roundcube/main.inc.php new file mode 100644 index 00000000..44b19793 --- /dev/null +++ b/install/ubuntu/18.04/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/18.04/roundcube/vesta.php b/install/ubuntu/18.04/roundcube/vesta.php new file mode 100644 index 00000000..99e1d4bc --- /dev/null +++ b/install/ubuntu/18.04/roundcube/vesta.php @@ -0,0 +1,71 @@ + + */ + + function password_save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } diff --git a/install/ubuntu/18.04/sudo/admin b/install/ubuntu/18.04/sudo/admin new file mode 100644 index 00000000..4226bdd4 --- /dev/null +++ b/install/ubuntu/18.04/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +admin ALL=(ALL) ALL +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.04/templates/dns/child-ns.tpl b/install/ubuntu/18.04/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/dns/default.tpl b/install/ubuntu/18.04/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/dns/gmail.tpl b/install/ubuntu/18.04/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/18.04/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.04/templates/web/apache2/basedir.stpl b/install/ubuntu/18.04/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/basedir.tpl b/install/ubuntu/18.04/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/default.stpl b/install/ubuntu/18.04/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/default.tpl b/install/ubuntu/18.04/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/hosting.stpl b/install/ubuntu/18.04/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/hosting.tpl b/install/ubuntu/18.04/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh b/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl b/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.04/templates/web/awstats/awstats.tpl b/install/ubuntu/18.04/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/18.04/templates/web/awstats/index.tpl b/install/ubuntu/18.04/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/18.04/templates/web/awstats/nav.tpl b/install/ubuntu/18.04/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +

+

+ + diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.sh b/install/ubuntu/18.04/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.stpl b/install/ubuntu/18.04/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..5e0e4064 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.tpl b/install/ubuntu/18.04/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/default.stpl b/install/ubuntu/18.04/templates/web/nginx/default.stpl new file mode 100755 index 00000000..fa538060 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/default.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/default.tpl b/install/ubuntu/18.04/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.sh b/install/ubuntu/18.04/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..d778d633 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.tpl b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.stpl b/install/ubuntu/18.04/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..76dd2f8e --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/http2.stpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_ssl_port% http2; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.tpl b/install/ubuntu/18.04/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..c1fec114 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/httpd/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/httpd/domains/%domain%.log combined; + access_log /var/log/httpd/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..d85bcce3 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..9c24c3ea --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,61 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..d7186314 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..4f0b9ec7 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,127 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..f85032ba --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..91a70936 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..ac32dcd9 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # For Drupal 6 and bwlow: + # Some modules enforce no slash (/) at the end of the URL + # Else this rewrite block wouldn't be needed (GlobalRedirect) + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..3b9dabf5 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,101 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..1b979475 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,98 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..50d85b68 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,102 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..71b538bf --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,99 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$)|^/update.php { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + location @rewrite { + # You have 2 options here + # For D7 and above: + # Clean URLs are handled in drupal_environment_initialize(). + rewrite ^ /index.php; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..704405f3 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..477f6f01 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..fdab43aa --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,198 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..f410ab77 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..f15a68c5 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..bc8b53a3 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,47 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..d6697d7a --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,70 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..908b9aeb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..891566b9 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..78c1bb78 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..5ffc9ed5 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..5cb55311 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..e0aeb524 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..0d933b30 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/18.04/templates/web/php-fpm/default.tpl b/install/ubuntu/18.04/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl b/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl b/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/403.html b/install/ubuntu/18.04/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

+ +

403

+

Forbidden

+

+ Unfortunately, you do not have permission to view this +

+ + + diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/404.html b/install/ubuntu/18.04/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

+

404

+

Page Not Found

+

+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +

+ + diff --git a/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html b/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

+ +

500

+

Internal Server Error

+

+ Sorry, something went wrong :( +

+ + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_html/index.html b/install/ubuntu/18.04/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt b/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html b/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+

+ Powered by VESTA +

+ + + + diff --git a/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.04/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.04/templates/web/suspend/.htaccess b/install/ubuntu/18.04/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/18.04/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/18.04/templates/web/suspend/index.html b/install/ubuntu/18.04/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/18.04/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+

+ Please contact the technical support department. +

+ + diff --git a/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl b/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/18.04/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/18.04/vsftpd/vsftpd.conf b/install/ubuntu/18.04/vsftpd/vsftpd.conf new file mode 100644 index 00000000..034b016d --- /dev/null +++ b/install/ubuntu/18.04/vsftpd/vsftpd.conf @@ -0,0 +1,27 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES From 208db116d1bcf6b437ba0a4d01c2528366d35b00 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 31 May 2018 18:14:14 +0300 Subject: [PATCH 013/140] fixed my.cnf config location --- install/vst-install-amazon.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index e57b26cc..f1fe62c7 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -996,7 +996,7 @@ if [ "$mysql" = 'yes' ]; then service='mariadb' fi - cp -f $vestacp/$service/$mycnf /etc/ + cp -f $vestacp/$service/$mycnf /etc/my.cnf chkconfig $service on service $service start if [ "$?" -ne 0 ]; then From a3f0fa1501d424477786e3e7150bb05c0b99518f Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 31 May 2018 18:15:53 +0300 Subject: [PATCH 014/140] New ubuntu installer --- install/vst-install-ubuntu.sh | 126 ++++++++++++++++------------------ install/vst-install.sh | 2 +- 2 files changed, 60 insertions(+), 68 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 223f9d11..a331570c 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -16,9 +16,9 @@ arch=$(uname -i) os='ubuntu' release="$(lsb_release -s -r)" codename="$(lsb_release -s -c)" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" = '16.04' ]; then +if [ "$release" = '16.04' ] || [ "$release" = '18.04' ]; then software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf libapache2-mod-fcgid libapache2-mod-php php php-common php-cgi @@ -31,7 +31,7 @@ if [ "$release" = '16.04' ]; then e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common vesta-ioncube vesta-softaculous apparmor-utils" -elif [ "$release" = '16.10' ]; then +elif [ "$release" = '16.10' ] || [ "$release" = '17.10' ]; then software="nginx apache2 apache2-utils apache2.2-common apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf libapache2-mod-fcgid libapache2-mod-php7.0 php7.0 php7.0-common @@ -275,7 +275,7 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/deb_signing.key" -O /dev/null +wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" # Check installed packages @@ -696,10 +696,9 @@ chmod 755 /usr/bin/rssh # Configure Vesta # #----------------------------------------------------------# - -# Downlading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -711,7 +710,7 @@ echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for Vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for Vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ @@ -817,25 +816,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Downloading firewall rules -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -857,6 +849,11 @@ chown root:mail $VESTA/ssl/* chmod 660 $VESTA/ssl/* rm /tmp/vst.pem +# Adding nologin as a valid system shell +if [ -z "$(grep nologin /etc/shells)" ]; then + echo "/sbin/nologin" >> /etc/shells +fi + #----------------------------------------------------------# # Configure Nginx # @@ -864,12 +861,12 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults @@ -883,9 +880,9 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf - wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf - wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + cp -f $vestacp/apache2/apache2.conf /etc/apache2/ + cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ + cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl @@ -917,7 +914,7 @@ fi if [ "$phpfpm" = 'yes' ]; then pool=$(find /etc/php* -type d \( -name "pool.d" -o -name "*fpm.d" \)) - wget $vestacp/php-fpm/www.conf -O $pool/www.conf + cp -f $vestacp/php-fpm/www.conf $pool/ php_fpm=$(ls /etc/init.d/php*-fpm* |cut -f 4 -d /) ln -s /etc/init.d/$php_fpm /etc/init.d/php-fpm > /dev/null 2>&1 update-rc.d $php_fpm defaults @@ -945,13 +942,11 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/ update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" - # To be deleted after release 0.9.8-18 - echo "/sbin/nologin" >> /etc/shells fi @@ -961,7 +956,7 @@ fi if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" @@ -982,10 +977,15 @@ if [ "$mysql" = 'yes' ]; then fi # Configuring MySQL/MariaDB - wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf if [ "$release" != '16.04' ]; then mysql_install_db fi + if [ "$release" == '18.04' ]; then + mkdir /var/lib/mysql + chown mysql:mysql /var/lib/mysql + mysqld --initialize-insecure + fi update-rc.d mysql defaults service mysql start check_result $? "mysql start failed" @@ -997,15 +997,15 @@ if [ "$mysql" = 'yes' ]; then mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'" - mysql -e "DELETE FROM mysql.user WHERE user='' or password='';" + mysql -e "DELETE FROM mysql.user WHERE user='' OR password='';" mysql -e "FLUSH PRIVILEGES" # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ chmod 777 /var/lib/phpmyadmin/tmp fi @@ -1014,16 +1014,15 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phppgadmin.conf \ - -O /etc/apache2/conf.d/phppgadmin.conf + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1032,7 +1031,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/bind/named.conf -O /etc/bind/named.conf + cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf @@ -1058,9 +1057,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail - wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template - wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1093,12 +1092,8 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* update-rc.d dovecot defaults service dovecot start @@ -1113,7 +1108,7 @@ fi if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim - wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf + cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults service clamav-daemon start @@ -1143,17 +1138,16 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php - wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ chmod 640 /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/debian-db-roundcube.php - wget $vestacp/roundcube/vesta.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O \ - /etc/roundcube/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* @@ -1178,10 +1172,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1243,6 +1234,7 @@ fi # Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi @@ -1261,7 +1253,7 @@ fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" +codename="$codename:$(echo $vpass:$servername | base64)" # Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" diff --git a/install/vst-install.sh b/install/vst-install.sh index 40dd5025..4bd4cc20 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -8,7 +8,7 @@ # RHEL 5, 6, 7 # CentOS 5, 6, 7 # Debian 7, 8 -# Ubuntu 12.04 - 16.10 +# Ubuntu 12.04 - 18.04 # # Am I root? From 73e72183b294bed73a93ece8e82008ff3607eaca Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:01:49 +0300 Subject: [PATCH 015/140] Fix nologin --- install/vst-install-ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index a331570c..351d3dfb 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -851,7 +851,7 @@ rm /tmp/vst.pem # Adding nologin as a valid system shell if [ -z "$(grep nologin /etc/shells)" ]; then - echo "/sbin/nologin" >> /etc/shells + echo "/usr/sbin/nologin" >> /etc/shells fi From 7a28629ffc4e56fd18b13f362e1bf04bc65a09a4 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:08:24 +0300 Subject: [PATCH 016/140] vsftpd Fix --- install/vst-install-ubuntu.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index a331570c..7d41be7c 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -943,6 +943,12 @@ done if [ "$vsftpd" = 'yes' ]; then cp -f $vestacp/vsftpd/vsftpd.conf /etc/ + touch /var/log//vsftpd.log + chown root:adm /var/log/vsftpd.log + chmod 640 /var/log/vsftpd.log + touch /var/log/xferlog + chown root:adm /var/log/xferlog + chmod 640 /var/log/xferlog update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" From b06ddecbc171f5e1ab774439d7fc42cd4fb9a805 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:21:16 +0300 Subject: [PATCH 017/140] Replace /tmp with $BACKUP /tmp size is not enough for larger websites. --- bin/v-backup-user | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index cc28a1c8..b6ec66ec 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -69,7 +69,7 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do done # Creating temporary directory -tmpdir=$(mktemp -p /tmp -d) +tmpdir=$(mktemp -p $BACKUP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify From 3e0a67113eca4f47566e2eb12653b12e0825ab45 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:27:41 +0300 Subject: [PATCH 018/140] Update exim4.conf.template --- install/ubuntu/18.04/exim/exim4.conf.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/18.04/exim/exim4.conf.template b/install/ubuntu/18.04/exim/exim4.conf.template index fc346486..c904441f 100644 --- a/install/ubuntu/18.04/exim/exim4.conf.template +++ b/install/ubuntu/18.04/exim/exim4.conf.template @@ -6,7 +6,7 @@ #SPAMASSASSIN = yes #SPAM_SCORE = 50 -#CLAMD = yes +#CLAMD = yes add_environment = <; PATH=/bin:/usr/bin keep_environment = From 53c58d2bb313a2372a6709efa8423a246ed22365 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:36:49 +0300 Subject: [PATCH 019/140] Minor fixes --- install/ubuntu/18.04/roundcube/main.inc.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/ubuntu/18.04/roundcube/main.inc.php b/install/ubuntu/18.04/roundcube/main.inc.php index 44b19793..32e0d473 100644 --- a/install/ubuntu/18.04/roundcube/main.inc.php +++ b/install/ubuntu/18.04/roundcube/main.inc.php @@ -197,7 +197,7 @@ $rcmail_config['auto_create_user'] = true; // use this folder to store log files (must be writeable for apache user) // This is used by the 'file' log driver. -$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; +$rcmail_config['log_dir'] = '/var/log/roundcube/'; // use this folder to store temp files (must be writeable for apache user) $rcmail_config['temp_dir'] = '/tmp'; @@ -305,7 +305,7 @@ $rcmail_config['max_recipients'] = 0; $rcmail_config['max_group_members'] = 0; // add this user-agent to message headers when sending -$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; +$rcmail_config['useragent'] = 'Roundcube Webmail'; // use this name to compose page titles $rcmail_config['product_name'] = 'Roundcube Webmail'; From e1024e04830852ac811dfb8a48bcd3b633f83acc Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:42:03 +0300 Subject: [PATCH 020/140] vsftpd SSL Support & hardening --- install/ubuntu/18.04/vsftpd/vsftpd.conf | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/install/ubuntu/18.04/vsftpd/vsftpd.conf b/install/ubuntu/18.04/vsftpd/vsftpd.conf index 034b016d..75e0104f 100644 --- a/install/ubuntu/18.04/vsftpd/vsftpd.conf +++ b/install/ubuntu/18.04/vsftpd/vsftpd.conf @@ -20,8 +20,21 @@ ascii_download_enable=YES allow_writeable_chroot=YES seccomp_sandbox=NO pasv_enable=YES +pasv_promiscuous=YES pasv_min_port=12000 pasv_max_port=12100 max_per_ip=10 max_clients=100 use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key From cdbd68906503677f71b17b0acb2def28e65a2c35 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:52:09 +0300 Subject: [PATCH 021/140] Optimizations --- install/ubuntu/18.04/nginx/nginx.conf | 28 ++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf index e7256de7..790aee49 100644 --- a/install/ubuntu/18.04/nginx/nginx.conf +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -2,7 +2,7 @@ user www-data; worker_processes auto; worker_rlimit_nofile 65535; -error_log /var/log/nginx/error.log crit; +error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; @@ -19,14 +19,14 @@ http { sendfile on; tcp_nopush on; tcp_nodelay on; - client_header_timeout 1m; - client_body_timeout 1m; + client_header_timeout 60s; + client_body_timeout 60s; client_header_buffer_size 2k; client_body_buffer_size 256k; client_max_body_size 256m; - large_client_header_buffers 4 8k; - send_timeout 30; - keepalive_timeout 60 60; + large_client_header_buffers 4 8k; + send_timeout 60s; + keepalive_timeout 30s; reset_timedout_connection on; server_tokens off; server_name_in_redirect off; @@ -50,9 +50,11 @@ http { # Compression gzip on; - gzip_comp_level 9; - gzip_min_length 512; - gzip_buffers 8 64k; + gzip_static on; + gzip_vary on; + gzip_comp_level 6; + gzip_min_length 1024; + gzip_buffers 16 8k; gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; gzip_proxied any; gzip_disable "MSIE [1-6]\."; @@ -63,12 +65,12 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass_header Set-Cookie; - proxy_connect_timeout 90; - proxy_send_timeout 90; - proxy_read_timeout 90; proxy_buffers 32 4k; + proxy_connect_timeout 30s; + proxy_send_timeout 90s; + proxy_read_timeout 90s; - + # Cloudflare https://www.cloudflare.com/ips set_real_ip_from 103.21.244.0/22; set_real_ip_from 103.22.200.0/22; From 5e536570de4344dbde5ffdd42df812fc45221e25 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 21:58:46 +0300 Subject: [PATCH 022/140] Typo --- func/ip.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/ip.sh b/func/ip.sh index d78cfa73..605554af 100644 --- a/func/ip.sh +++ b/func/ip.sh @@ -26,7 +26,7 @@ get_ip_iface() { } -# Check ip address speciefic value +# Check ip address specific value is_ip_key_empty() { key="$1" string=$(cat $VESTA/data/ips/$ip) From 51f3dea7da5c38943fabd30091219dd4d0a18b2a Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 22:05:38 +0300 Subject: [PATCH 023/140] Do not expose PHP Version --- src/rpm/conf/php.ini | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/conf/php.ini b/src/rpm/conf/php.ini index 1d76b783..28dc539a 100644 --- a/src/rpm/conf/php.ini +++ b/src/rpm/conf/php.ini @@ -290,7 +290,7 @@ disable_classes = ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. -expose_php = On +expose_php = Off ;;;;;;;;;;;;;;;;;;; From 334436e5032803c6f02fad07beda0907d40311d1 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 22:12:31 +0300 Subject: [PATCH 024/140] Vesta PHP-FPM Optimization --- src/rpm/conf/php-fpm.conf | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/rpm/conf/php-fpm.conf b/src/rpm/conf/php-fpm.conf index 8a7d0bd5..0a76ae2f 100755 --- a/src/rpm/conf/php-fpm.conf +++ b/src/rpm/conf/php-fpm.conf @@ -42,18 +42,18 @@ pid = /var/run/vesta-php.pid ; instances running on the same server, you can change the default value ; which must suit common needs. ; Default Value: php-fpm -;syslog.ident = php-fpm +syslog.ident = vesta-php ; Log level ; Possible Values: alert, error, warning, notice, debug ; Default Value: notice -;log_level = notice +log_level = error ; If this number of child processes exit with SIGSEGV or SIGBUS within the time ; interval set by emergency_restart_interval then FPM will restart. A value ; of '0' means 'Off'. ; Default Value: 0 -;emergency_restart_threshold = 0 +emergency_restart_threshold = 10 ; Interval of time used by emergency_restart_interval to determine when ; a graceful restart will be initiated. This can be useful to work around @@ -61,13 +61,13 @@ pid = /var/run/vesta-php.pid ; Available Units: s(econds), m(inutes), h(ours), or d(ays) ; Default Unit: seconds ; Default Value: 0 -;emergency_restart_interval = 0 +emergency_restart_interval = 1m ; Time limit for child processes to wait for a reaction on signals from master. ; Available units: s(econds), m(inutes), h(ours), or d(ays) ; Default Unit: seconds ; Default Value: 0 -;process_control_timeout = 0 +process_control_timeout = 10s ; The maximum number of processes FPM will fork. This has been design to control ; the global number of processes when using dynamic PM within a lot of pools. @@ -97,7 +97,7 @@ pid = /var/run/vesta-php.pid ; - /dev/poll (Solaris >= 7) ; - port (Solaris >= 10) ; Default Value: not set (auto detection) -; events.mechanism = epoll +events.mechanism = epoll ;;;;;;;;;;;;;;;;;;;; ; Pool Definitions ; @@ -188,7 +188,7 @@ listen.mode = 0660 ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. -pm = dynamic +pm = ondemand ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. @@ -199,33 +199,33 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 5 +pm.max_children = 2 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 +;pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 +;pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 +;pm.max_spare_servers = 3 ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = 10s; ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -;pm.max_requests = 500 +pm.max_requests = 1000 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: From ce96bc9388a13a7ad97b21ca159fa611f355f208 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 22:32:26 +0300 Subject: [PATCH 025/140] NTP fix --- install/vst-install-ubuntu.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 351d3dfb..7a82019a 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -678,9 +678,9 @@ echo "/usr/sbin/nologin" >> /etc/shells # NTP Synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate -echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate +echo "$(which ntpdate) -s ntp.ubuntu.com" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate -ntpdate -s pool.ntp.org +ntpdate -s ntp.ubuntu.com # Setup rssh if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then From 3ecce92e16658caa8d762c3c065519ff891c7346 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 22:44:10 +0300 Subject: [PATCH 026/140] Cosmetic changes --- install/vst-install-ubuntu.sh | 43 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 22 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 351d3dfb..938d2a7a 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -103,7 +103,7 @@ gen_pass() { echo "$PASS" } -# Defning return code check function +# Defining return code check function check_result() { if [ $1 -ne 0 ]; then echo "Error: $2" @@ -122,7 +122,7 @@ set_default_value() { fi } -# Define function to set default language value +# Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 @@ -278,7 +278,7 @@ fi wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" -# Check installed packages +# Checking installed packages tmpfile=$(mktemp -p /tmp) dpkg --get-selections > $tmpfile for pkg in exim4 mysql-server apache2 nginx vesta; do @@ -319,7 +319,7 @@ echo echo ' Vesta Control Panel' echo -e "\n\n" -echo 'Following software will be installed on your system:' +echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then @@ -340,16 +340,16 @@ if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi -# Mail Stack +# Mail stack if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' + echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' + echo -n 'ClamAV' fi if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' + echo -n 'SpamAssassin' fi fi echo @@ -358,7 +358,7 @@ if [ "$exim" = 'yes' ]; then fi fi -# DB stack +# Database stack if [ "$mysql" = 'yes' ]; then echo ' - MySQL Database Server' fi @@ -491,27 +491,27 @@ cd $vst_backups mkdir nginx apache2 php vsftpd proftpd bind exim4 dovecot clamd mkdir spamassassin mysql postgresql mongodb vesta -# Backing up nginx configuration +# Backup nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx >/dev/null 2>&1 -# Backing up Apache configuration +# Backup Apache configuration service apache2 stop > /dev/null 2>&1 cp -r /etc/apache2/* $vst_backups/apache2 > /dev/null 2>&1 rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 -# Backing up PHP configuration +# Backup PHP-FPM configuration service php7.0-fpm stop > /dev/null 2>&1 service php5-fpm stop > /dev/null 2>&1 cp -r /etc/php7.0/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php5/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php/* $vst_backups/php/ > /dev/null 2>&1 -# Backing up Bind configuration +# Backup Bind configuration service bind9 stop > /dev/null 2>&1 cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 -# Backing up Vsftpd configuration +# Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 @@ -519,24 +519,24 @@ cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd > /dev/null 2>&1 -# Backing up Exim configuration +# Backup Exim configuration service exim4 stop > /dev/null 2>&1 cp -r /etc/exim4/* $vst_backups/exim4 > /dev/null 2>&1 -# Backing up ClamAV configuration +# Backup ClamAV configuration service clamav-daemon stop > /dev/null 2>&1 cp -r /etc/clamav/* $vst_backups/clamav > /dev/null 2>&1 -# Backing up SpamAssassin configuration +# Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/spamassassin/* $vst_backups/spamassassin > /dev/null 2>&1 -# Backing up Dovecot configuration +# Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 killall -9 mysqld > /dev/null 2>&1 mv /var/lib/mysql $vst_backups/mysql/mysql_datadir > /dev/null 2>&1 @@ -548,7 +548,6 @@ if [ "$release" = '16.04' ] && [ -e '/etc/init.d/mysql' ]; then mysqld --initialize-insecure fi - # Backup Vesta service vesta stop > /dev/null 2>&1 cp -r $VESTA/* $vst_backups/vesta > /dev/null 2>&1 @@ -667,7 +666,7 @@ rm -f /usr/sbin/policy-rc.d sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart -# Disable awstats cron +# Disable AWStats cron rm -f /etc/cron.d/awstats # Set directory color @@ -676,7 +675,7 @@ echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Register /usr/sbin/nologin echo "/usr/sbin/nologin" >> /etc/shells -# NTP Synchronization +# NTP Sync echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s pool.ntp.org" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate From cb20b0bfd14520994ec202b2d223ddd34b41de30 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 23:08:39 +0300 Subject: [PATCH 027/140] Not always apache is used --- install/vst-install-ubuntu.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 351d3dfb..06c55dc3 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1163,7 +1163,12 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql php5enmod mcrypt 2>/dev/null phpenmod mcrypt 2>/dev/null - service apache2 restart + if [ "$apache" = 'yes' ]; then + service apache2 restart + fi + if [ "$nginx" = 'yes' ]; then + service nginx restart + fi fi From 52e9b19df6991b22037cf84b26f1b178aab11811 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 23:20:30 +0300 Subject: [PATCH 028/140] Small fix PHP-FPM --- install/vst-install-ubuntu.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 351d3dfb..6ed48381 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -503,6 +503,7 @@ rm -f /etc/apache2/conf.d/* > /dev/null 2>&1 # Backing up PHP configuration service php7.0-fpm stop > /dev/null 2>&1 service php5-fpm stop > /dev/null 2>&1 +service php-fpm stop > /dev/null 2>&1 cp -r /etc/php7.0/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php5/* $vst_backups/php/ > /dev/null 2>&1 cp -r /etc/php/* $vst_backups/php/ > /dev/null 2>&1 From eca2fdc073cfe9bb787a03a3811cbe841bb5e9e4 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Thu, 31 May 2018 23:51:09 +0300 Subject: [PATCH 029/140] Roundcube fail2ban fix --- install/vst-install-ubuntu.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 351d3dfb..82f38a87 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1153,6 +1153,9 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then mysql -e "GRANT ALL ON roundcube.* TO roundcube@localhost IDENTIFIED BY '$r'" sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + touch /var/log/roundcube/errors + chmod 640 /var/log/roundcube/errors + chown www-data:adm /var/log/roundcube/errors if [ "$release" = '16.04' ]; then mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php From cd618961767966846e8adc5bdba31451792c8f39 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Fri, 1 Jun 2018 13:57:37 +0300 Subject: [PATCH 030/140] Switch from /tmp to /backup --- bin/v-restore-user | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-restore-user b/bin/v-restore-user index 79e1e28c..9fd31eba 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -230,7 +230,7 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do done # Creating temporary directory -tmpdir=$(mktemp -p /tmp -d) +tmpdir=$(mktemp -p $BACKUP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify sed -i "/ $user /d" $VESTA/data/queue/backup.pipe From 11eca5dfda030198b4686ac19fba1e6772496b16 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sat, 2 Jun 2018 00:52:31 +0200 Subject: [PATCH 031/140] Configurable $BACKUP_TEMP in v-backup-user --- bin/v-backup-user | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index b6ec66ec..bc57cafc 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -68,8 +68,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do (( ++i)) done +if [ -z "$BACKUP_TEMP" ]; then + BACKUP_TEMP=$BACKUP +fi + # Creating temporary directory -tmpdir=$(mktemp -p $BACKUP -d) +tmpdir=$(mktemp -p $BACKUP_TEMP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify From 73a0b3fd9543173432eed736815b23dd8a2ea076 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sat, 2 Jun 2018 00:55:52 +0200 Subject: [PATCH 032/140] Configurable $BACKUP_TEMP in v-restore-user --- bin/v-restore-user | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/bin/v-restore-user b/bin/v-restore-user index 9fd31eba..55e29e18 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -229,8 +229,12 @@ while [ "$la" -ge "$BACKUP_LA_LIMIT" ]; do (( ++i)) done +if [ -z "$BACKUP_TEMP" ]; then + BACKUP_TEMP=$BACKUP +fi + # Creating temporary directory -tmpdir=$(mktemp -p $BACKUP -d) +tmpdir=$(mktemp -p $BACKUP_TEMP -d) if [ "$?" -ne 0 ]; then echo "Can't create tmp dir $tmpdir" |$SENDMAIL -s "$subj" $email $notify sed -i "/ $user /d" $VESTA/data/queue/backup.pipe From f759088ddedfbcd9f26e945cd5037aa418005823 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sat, 2 Jun 2018 01:48:41 +0200 Subject: [PATCH 033/140] Changing /var/log/httpd/ to /var/log/%web_system%/ (debian9 http2.tpl) --- install/debian/9/templates/web/nginx/http2.tpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/debian/9/templates/web/nginx/http2.tpl b/install/debian/9/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/9/templates/web/nginx/http2.tpl +++ b/install/debian/9/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } From 4363244c1acf08438cf0dd34db9ada57e2d2810d Mon Sep 17 00:00:00 2001 From: dpeca Date: Sat, 2 Jun 2018 01:50:43 +0200 Subject: [PATCH 034/140] Changing /var/log/httpd/ to /var/log/%web_system%/ (debian9 http2.stpl) --- install/debian/9/templates/web/nginx/http2.stpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/debian/9/templates/web/nginx/http2.stpl b/install/debian/9/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/debian/9/templates/web/nginx/http2.stpl +++ b/install/debian/9/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } From f68bb795deb153bbb0b9da3a03b0f7377455bee9 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 8 Jun 2018 11:40:42 +0300 Subject: [PATCH 035/140] Fixes for proper EIP handling --- bin/v-change-sys-ip-nat | 86 ++++++++++++-------- bin/v-change-web-domain-ip | 2 +- bin/v-update-sys-ip | 155 ++++++++++++++++++------------------- 3 files changed, 130 insertions(+), 113 deletions(-) diff --git a/bin/v-change-sys-ip-nat b/bin/v-change-sys-ip-nat index 58232212..a3b24830 100755 --- a/bin/v-change-sys-ip-nat +++ b/bin/v-change-sys-ip-nat @@ -34,48 +34,72 @@ is_ip_valid "$ip" # Action # #----------------------------------------------------------# -# Changing nat ip +# Updating IP if [ -z "$(grep NAT= $VESTA/data/ips/$ip)" ]; then sed -i "s/^TIME/NAT='$nat_ip'\nTIME/g" $VESTA/data/ips/$ip + old='' + new=$nat_ip else - update_ip_value '$NAT' "$nat_ip" -fi - -# Check ftp system -if [ "$FTP_SYSTEM" = 'vsftpd' ]; then - - # Find configuration - if [ -e '/etc/vsftpd/vsftpd.conf' ]; then - conf='/etc/vsftpd/vsftpd.conf' - fi - - if [ -e '/etc/vsftpd.conf' ]; then - conf='/etc/vsftpd.conf' - fi - - # Update config - if [ -z "$(grep pasv_address $conf)" ]; then - if [ ! -z "$nat_ip" ]; then - echo "pasv_address=$nat_ip" >> $conf - fi - else - if [ ! -z "$nat_ip" ]; then - sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf - else - sed -i "/pasv_address/d" $conf - fi + old=$(get_ip_value '$NAT') + new=$nat_ip + sed -i "s/NAT=.*/NAT='$new'/" $VESTA/data/ips/$ip + if [ -z "$nat_ip" ]; then + new=$ip fi fi +# Updating WEB configs +if [ ! -z "$old" ] && [ ! -z "$WEB_SYSTEM" ]; then + sed -i "s/$old/$new/" $VESTA/data/users/*/web.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-web-domains $user no + done + $BIN/v-restart-dns $restart +fi + +# Updating DNS configs +if [ ! -z "$old" ] && [ ! -z "$DNS_SYSTEM" ]; then + sed -i "s/$old/$new/" $VESTA/data/users/*/dns.conf + sed -i "s/$old/$new/" $VESTA/data/users/*/dns/*.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-dns-domains $user no + done + $BIN/v-restart-dns $restart +fi + +# Updating FTP +if [ ! -z "$old" ] && [ ! -z "$FTP_SYSTEM" ]; then + conf=$(find /etc -name $FTP_SYSTEM.conf) + if [ -e "$conf" ]; then + sed -i "s/$old/$new/g" $conf + if [ "$FTP_SYSTEM" = 'vsftpd' ]; then + check_pasv=$(grep pasv_address $conf) + if [ -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then + echo "pasv_address=$nat_ip" >> $conf + fi + if [ ! -z "$check_pasv" ] && [ -z "$nat_ip" ]; then + sed -i "/pasv_address/d" $conf + fi + if [ ! -z "$check_pasv" ] && [ ! -z "$nat_ip" ]; then + sed -i "s/pasv_address=.*/pasv_address='$nat_ip'/g" $conf + fi + fi + fi + $BIN/v-restart-ftp $restart +fi + +# Updating firewall +if [ ! -z "$old" ] && [ ! -z "$FIREWALL_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf + $BIN/v-update-firewall +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -# Restart ftp server -$BIN/v-restart-ftp $restart -check_result $? "FTP restart failed" >/dev/null - # Logging log_history "changed associated nat address on $ip to $nat_ip" '' 'admin' log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-change-web-domain-ip b/bin/v-change-web-domain-ip index 17eb55d9..5b2ab31b 100755 --- a/bin/v-change-web-domain-ip +++ b/bin/v-change-web-domain-ip @@ -49,7 +49,7 @@ is_ip_valid "$ip" "$user" # Preparing variables for vhost replace get_domain_values 'web' old=$(get_real_ip $IP) -new=$ip +new=$(get_real_ip $ip) # Replacing vhost replace_web_config "$WEB_SYSTEM" "$TPL.tpl" diff --git a/bin/v-update-sys-ip b/bin/v-update-sys-ip index ce91ce96..956d4f10 100755 --- a/bin/v-update-sys-ip +++ b/bin/v-update-sys-ip @@ -1,6 +1,6 @@ #!/bin/bash # info: update system ip -# options: [USER] [IP_STATUS] +# options: [NONE] # # The function scans configured ip in the system and register them with vesta # internal database. This call is intended for use on vps servers, where ip is @@ -11,14 +11,11 @@ # Variable&Function # #----------------------------------------------------------# -# Argument definition -user=${1-admin} -ip_status=${2-shared} +# Importing system variables +source /etc/profile # Includes -source /etc/profile.d/vesta.sh source $VESTA/func/main.sh -source $VESTA/func/ip.sh source $VESTA/conf/vesta.conf @@ -26,87 +23,84 @@ source $VESTA/conf/vesta.conf # Verifications # #----------------------------------------------------------# -check_args '0' "$#" '[USER] [IP_STATUS]' -is_format_valid 'user' 'ip_status' -is_object_valid 'user' 'USER' "$user" "$user" - #----------------------------------------------------------# # Action # #----------------------------------------------------------# -# Get list of ip addresses -ip_list=$(/sbin/ip addr|grep 'inet '|grep global|awk '{print $2}') -ip_list=$(echo "$ip_list"|cut -f 1 -d /) -ip_num=$(echo "$ip_list" | wc -l) +# Listing system ip addresses +ips=$(/sbin/ip addr |grep 'inet ' |grep global |awk '{print $2}' |cut -f1 -d/) +v_ips=$(ls $VESTA/data/ips/) +ip_num=$(echo "$ips" |wc -l) +v_ip_num=$(echo "$v_ips" |wc -l) -# WorkAround for DHCP IP address -vst_ip_list=$(ls $VESTA/data/ips/) -vst_ip_num=$(echo "$vst_ip_list" | wc -l) - -if [ ! -z "$vst_ip_list" ] && [ "$vst_ip_num" -eq '1' ]; then - if [ $ip_num -eq 1 ] && [ "$ip_list" != "$vst_ip_list" ]; then - new=$ip_list - old=$vst_ip_list - mv $VESTA/data/ips/$old $VESTA/data/ips/$new - if [ ! -z "$PROXY_SYSTEM" ]; then - mv /etc/$PROXY_SYSTEM/conf.d/$old.conf \ - /etc/$PROXY_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" /etc/$PROXY_SYSTEM/conf.d/$new.conf - fi - if [ ! -z "$WEB_SYSTEM" ]; then - mv /etc/$WEB_SYSTEM/conf.d/$old.conf \ - /etc/$WEB_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" /etc/$WEB_SYSTEM/conf.d/$new.conf - sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf - - # Rebuild web domains - for user in $(ls $VESTA/data/users/); do - $BIN/v-rebuild-web-domains $user no - done - fi - if [ ! -z "$FTP_SYSTEM" ];then - ftpd_conf_file=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf) - sed -i "s/$old/$new/g" $ftpd_conf_file - fi - - # Restarting web server - $BIN/v-restart-web - - # Restarting ftp server - $BIN/v-restart-ftp - - # Restarting proxy server - if [ ! -z "$PROXY_SYSTEM" ]; then - $BIN/v-restart-proxy - fi - - # Restarting firewall - if [ ! -z "$FIREWALL_SYSTEM" ]; then - $BIN/v-update-firewall - fi - - if [ ! -z "$DNS_SYSTEM" ]; then - # Rebuild dns domains - for user in $(ls $VESTA/data/users/); do - sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns.conf - sed -i "s/$old/$new/g" $VESTA/data/users/$user/dns/*.conf - $BIN/v-rebuild-dns-domains $user no - done - $BIN/v-restart-dns - check_result $? "dns restart failed" >/dev/null - fi - - # No further comparation is needed - exit +# Checking primary IP change +if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then + if [ "$ips" != "$v_ips" ]; then + new=$ips + old=$v_ips fi fi -# Compare ips -for ip in $ip_list; do +# Updating configs +if [ ! -z "$new" ]; then + mv $VESTA/data/ips/$old $VESTA/data/ips/$new + + # Updating PROXY + if [ ! -z "$PROXY_SYSTEM" ]; then + cd /etc/$PROXY_SYSTEM/conf.d + if [ -e "$old.conf" ]; then + mv $old.conf $new.conf + sed -i "s/$old/$new/g" $new.conf + $BIN/v-restart-proxy + fi + fi + + # Updating WEB + if [ ! -z "$WEB_SYSTEM" ]; then + cd /etc/$WEB_SYSTEM/conf.d + if [ -e "$old.conf" ]; then + mv $old.conf $new.conf + sed -i "s/$old/$new/g" $new.conf + fi + sed -i "s/$old/$new/g" $VESTA/data/users/*/web.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-web-domains $user no + done + $BIN/v-restart-web + fi + + # Updating DNS + if [ ! -z "$DNS_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/users/*/dns.conf + sed -i "s/$old/$new/g" $VESTA/data/users/*/dns/*.conf + for user in $(ls $VESTA/data/users/); do + $BIN/v-rebuild-dns-domains $user no + done + $BIN/v-restart-dns + fi + + # Updating FTP + if [ ! -z "$FTP_SYSTEM" ] && [ "$FTP_SYSTEM" = 'vsftpd' ]; then + conf=$(find /etc/ -maxdepth 2 -name $FTP_SYSTEM.conf) + if [ ! -z "$conf" ]; then + sed -i "s/$old/$new/g" $conf + $BIN/v-restart-ftp + fi + fi + + # Updating firewall + if [ ! -z "$FIREWALL_SYSTEM" ]; then + sed -i "s/$old/$new/g" $VESTA/data/firewall/*.conf + $BIN/v-update-firewall + fi +fi + +# Adding system IP +for ip in $ips; do check_ifconfig=$(/sbin/ifconfig |grep "$ip") if [ ! -e "$VESTA/data/ips/$ip" ] && [ ! -z "$check_ifconfig" ]; then - interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}'|uniq) + interface=$(/sbin/ip addr |grep $ip |awk '{print $NF}' |uniq) interface=$(echo "$interface" |cut -f 1 -d : |head -n 1) netmask=$(/sbin/ip addr |grep $ip |cut -f 2 -d / |cut -f 1 -d \ ) netmask=$(convert_cidr $netmask) @@ -114,12 +108,11 @@ for ip in $ip_list; do fi done -# Checking NAT +# Updating NAT pub_ip=$(curl -s vestacp.com/what-is-my-ip/) -if [ ! -z "$pub_ip" ] && [ ! -e "$VESTA/data/ips/$pub_ip" ]; then - check_nat=$(grep -R "$pub_ip" $VESTA/data/ips/) - if [ -z "$check_nat" ]; then - ip=$(ls -t $VESTA/data/ips/|head -n1) +if [ ! -e "$VESTA/data/ips/$pub_ip" ]; then + if [ -z "$(grep -R "$pub_ip" $VESTA/data/ips/)" ]; then + ip=$(ls -t $VESTA/data/ips/ |head -n1) $BIN/v-change-sys-ip-nat $ip $pub_ip fi fi From 4880746f8f628788c2736758b47dc179a5079dc2 Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Mon, 11 Jun 2018 20:21:13 +0300 Subject: [PATCH 036/140] Minor fix --- install/vst-install-ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 39840bbc..ef835fef 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -943,7 +943,7 @@ done if [ "$vsftpd" = 'yes' ]; then cp -f $vestacp/vsftpd/vsftpd.conf /etc/ - touch /var/log//vsftpd.log + touch /var/log/vsftpd.log chown root:adm /var/log/vsftpd.log chmod 640 /var/log/vsftpd.log touch /var/log/xferlog From ee03eff016e03cb76fac7ae3a0f9d1ef0f8ee35b Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 13 Jun 2018 17:08:36 +0300 Subject: [PATCH 037/140] udapted package defenition --- install/vst-install-ubuntu.sh | 60 +++++++++++------------------------ 1 file changed, 19 insertions(+), 41 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index ef835fef..22425d43 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -18,45 +18,24 @@ release="$(lsb_release -s -r)" codename="$(lsb_release -s -c)" vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" = '16.04' ] || [ "$release" = '18.04' ]; then - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php php php-common php-cgi - php-mysql php-curl php-fpm php-pgsql awstats webalizer vsftpd - proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon - spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpmyadmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous apparmor-utils" -elif [ "$release" = '16.10' ] || [ "$release" = '17.10' ]; then - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php7.0 php7.0 php7.0-common - php7.0-cgi php7.0-mysql php7.0-curl php7.0-fpm php7.0-pgsql awstats - webalizer vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy - clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpmyadmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous apparmor-utils" -else - software="nginx apache2 apache2-utils apache2.2-common - apache2-suexec-custom libapache2-mod-ruid2 libapache2-mod-rpaf - libapache2-mod-fcgid libapache2-mod-php5 php5 php5-common php5-cgi - php5-mysql php5-curl php5-fpm php5-pgsql awstats webalizer vsftpd - proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon - spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mysql-server mysql-common - mysql-client postgresql postgresql-contrib phppgadmin phpMyAdmin mc - flex whois rssh git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect vim-common - vesta-ioncube vesta-softaculous" +# Defining software pack for all distros +software="apache2 apache2.2-common apache2-suexec-custom apache2-utils + apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon + cron curl dnsutils dovecot-imapd dovecot-pop3d e2fslibs e2fsprogs exim4 + exim4-daemon-heavy expect fail2ban flex ftp git idn imagemagick + libapache2-mod-fcgid libapache2-mod-php libapache2-mod-rpaf + libapache2-mod-ruid2 lsof mc mysql-client mysql-common mysql-server nginx + ntpdate php-cgi php-common php-curl php-fpm phpmyadmin php-mysql + phppgadmin php-pgsql postgresql postgresql-contrib proftpd-basic quota + roundcube-core roundcube-mysql roundcube-plugins rrdtool rssh spamassassin + sudo vesta vesta-ioncube vesta-nginx vesta-php vesta-softaculous + vim-common vsftpd webalizer whois zip" + +# Fix for old releases +if [[ ${release:0:2} -lt 16 ]]; then + software=$(echo "$software" |sed -e "s/php /php5 /") + software=$(echo "$software" |sed -e "s/php-/php5-/") + software=$(echo "$software" |sed -e "s/mod-php/mod-php5/") fi # Defining help function @@ -1267,7 +1246,6 @@ fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -codename="$codename:$(echo $vpass:$servername | base64)" # Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" @@ -1320,7 +1298,7 @@ $VESTA/bin/v-add-cron-vesta-autoupdate wget vestacp.com/notify/?$codename -O /dev/null -q # Comparing hostname and IP -host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +host_ip=$(host $servername| head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi From 6b2fafccb23ddaec7d1000d849d1780ae639d6dc Mon Sep 17 00:00:00 2001 From: TJ Date: Wed, 13 Jun 2018 19:58:26 +0300 Subject: [PATCH 038/140] Fixing the change password for Roundcube to work with Ubuntu --- install/ubuntu/16.04/roundcube/vesta.php | 6 ++++-- install/ubuntu/16.10/roundcube/vesta.php | 5 +++-- install/ubuntu/17.04/roundcube/vesta.php | 6 ++++-- install/ubuntu/17.10/roundcube/vesta.php | 5 +++-- install/ubuntu/18.04/roundcube/vesta.php | 5 +++-- 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/install/ubuntu/16.04/roundcube/vesta.php b/install/ubuntu/16.04/roundcube/vesta.php index 99e1d4bc..b6646b2b 100644 --- a/install/ubuntu/16.04/roundcube/vesta.php +++ b/install/ubuntu/16.04/roundcube/vesta.php @@ -6,8 +6,9 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password +{ + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +70,4 @@ } } +} \ No newline at end of file diff --git a/install/ubuntu/16.10/roundcube/vesta.php b/install/ubuntu/16.10/roundcube/vesta.php index 99e1d4bc..b4a2a6b6 100644 --- a/install/ubuntu/16.10/roundcube/vesta.php +++ b/install/ubuntu/16.10/roundcube/vesta.php @@ -6,8 +6,8 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password { + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +69,4 @@ } } +} \ No newline at end of file diff --git a/install/ubuntu/17.04/roundcube/vesta.php b/install/ubuntu/17.04/roundcube/vesta.php index 99e1d4bc..b6646b2b 100644 --- a/install/ubuntu/17.04/roundcube/vesta.php +++ b/install/ubuntu/17.04/roundcube/vesta.php @@ -6,8 +6,9 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password +{ + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +70,4 @@ } } +} \ No newline at end of file diff --git a/install/ubuntu/17.10/roundcube/vesta.php b/install/ubuntu/17.10/roundcube/vesta.php index 99e1d4bc..c271004d 100644 --- a/install/ubuntu/17.10/roundcube/vesta.php +++ b/install/ubuntu/17.10/roundcube/vesta.php @@ -6,8 +6,8 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password { + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +69,4 @@ } } +} diff --git a/install/ubuntu/18.04/roundcube/vesta.php b/install/ubuntu/18.04/roundcube/vesta.php index 99e1d4bc..b4a2a6b6 100644 --- a/install/ubuntu/18.04/roundcube/vesta.php +++ b/install/ubuntu/18.04/roundcube/vesta.php @@ -6,8 +6,8 @@ * @version 1.0 * @author Serghey Rodin */ - - function password_save($curpass, $passwd) +class rcube_vesta_password { + function save($curpass, $passwd) { $rcmail = rcmail::get_instance(); $vesta_host = $rcmail->config->get('password_vesta_host'); @@ -69,3 +69,4 @@ } } +} \ No newline at end of file From f59ebc4f65aa6b9e026d9a049766111c84a0c1e8 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 14 Jun 2018 18:00:44 +0300 Subject: [PATCH 039/140] Fix: nginx restart order --- bin/v-update-sys-ip | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-sys-ip b/bin/v-update-sys-ip index 956d4f10..8c0da087 100755 --- a/bin/v-update-sys-ip +++ b/bin/v-update-sys-ip @@ -52,7 +52,6 @@ if [ ! -z "$new" ]; then if [ -e "$old.conf" ]; then mv $old.conf $new.conf sed -i "s/$old/$new/g" $new.conf - $BIN/v-restart-proxy fi fi @@ -67,6 +66,7 @@ if [ ! -z "$new" ]; then for user in $(ls $VESTA/data/users/); do $BIN/v-rebuild-web-domains $user no done + $BIN/v-restart-proxy $BIN/v-restart-web fi From 955f3e7510b8e14a24870eec1da34b94222d79a5 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 21 Jun 2018 11:39:14 +0300 Subject: [PATCH 040/140] cosmetix fixes in ubuntu installer --- install/vst-install-ubuntu.sh | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 22425d43..fdb95db3 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -495,7 +495,7 @@ cp -r /etc/bind/* $vst_backups/bind > /dev/null 2>&1 service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd.conf $vst_backups/vsftpd > /dev/null 2>&1 -# Backing up ProFTPD configuration +# Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd > /dev/null 2>&1 @@ -623,18 +623,18 @@ fi # Install packages # #----------------------------------------------------------# -# Update system packages +# Updating system apt-get update -# Disable daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz -echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d -chmod a+x /usr/sbin/policy-rc.d +# Disabling daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz +#echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d +#chmod a+x /usr/sbin/policy-rc.d -# Install apt packages +# Installing apt packages apt-get -y install $software check_result $? "apt-get install failed" -# Restore policy +# Restoring policy rm -f /usr/sbin/policy-rc.d @@ -642,26 +642,28 @@ rm -f /usr/sbin/policy-rc.d # Configure system # #----------------------------------------------------------# -# Enable SSH password auth +# Enabling SSH password auth sed -i "s/rdAuthentication no/rdAuthentication yes/g" /etc/ssh/sshd_config service ssh restart -# Disable AWStats cron +# Disabling AWStats cron rm -f /etc/cron.d/awstats # Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile -# Register /usr/sbin/nologin -echo "/usr/sbin/nologin" >> /etc/shells +# Registering /usr/sbin/nologin +if [ -z "$(grep nologin /etc/shells)" ]; then + echo "/usr/sbin/nologin" >> /etc/shells +fi -# NTP Sync +# Configuring NTP echo '#!/bin/sh' > /etc/cron.daily/ntpdate echo "$(which ntpdate) -s ntp.ubuntu.com" >> /etc/cron.daily/ntpdate chmod 775 /etc/cron.daily/ntpdate ntpdate -s ntp.ubuntu.com -# Setup rssh +# Adding rssh if [ -z "$(grep /usr/bin/rssh /etc/shells)" ]; then echo /usr/bin/rssh >> /etc/shells fi @@ -704,7 +706,6 @@ chmod -R 750 $VESTA/data/queue chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta -chown admin:admin $VESTA/data/sessions chmod 770 $VESTA/data/sessions # Generating Vesta configuration From 17d0fb114ebe15f89db4284316a17cf8e20de51e Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 21 Jun 2018 11:40:07 +0300 Subject: [PATCH 041/140] fix for debian and amazon installers --- install/vst-install.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/install/vst-install.sh b/install/vst-install.sh index 4bd4cc20..aa9ecbf6 100755 --- a/install/vst-install.sh +++ b/install/vst-install.sh @@ -9,6 +9,7 @@ # CentOS 5, 6, 7 # Debian 7, 8 # Ubuntu 12.04 - 18.04 +# Amazon Linux 2017 # # Am I root? @@ -45,11 +46,6 @@ case $(head -n1 /etc/issue | cut -f 1 -d ' ') in *) type="rhel" ;; esac -# Fallback to Ubuntu -if [ ! -e "/etc/redhat-release" ]; then - type='ubuntu' -fi - # Check wget if [ -e '/usr/bin/wget' ]; then wget http://vestacp.com/pub/vst-install-$type.sh -O vst-install-$type.sh From ca3956568becfcf9ab5bb67d0637a88b8bc5b0aa Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 21 Jun 2018 15:40:22 +0300 Subject: [PATCH 042/140] Updated CentOS installer --- install/vst-install-rhel.sh | 334 +++++++++++++++++------------------- 1 file changed, 154 insertions(+), 180 deletions(-) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 436517b1..07df0713 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -16,30 +16,27 @@ arch=$(uname -i) os=$(cut -f 1 -d ' ' /etc/redhat-release) release=$(grep -o "[0-9]" /etc/redhat-release |head -n1) codename="${os}_$release" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" -if [ "$release" -eq 7 ]; then - software="nginx httpd mod_ssl mod_ruid2 mod_fcgid php php-common php-cli - php-bcmath php-gd php-imap php-mbstring php-mcrypt php-mysql php-pdo - php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql awstats webalizer - vsftpd proftpd bind bind-utils bind-libs exim dovecot clamav-server - clamav-update spamassassin roundcubemail mariadb mariadb-server phpMyAdmin - postgresql postgresql-server postgresql-contrib phpPgAdmin e2fsprogs - openssh-clients ImageMagick curl mc screen ftp zip unzip flex sqlite pcre - sudo bc jwhois mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype - fail2ban rsyslog iptables-services which vesta vesta-nginx vesta-php - vim-common expect vesta-ioncube vesta-softaculous" -else - software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded - php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt - php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql - awstats webalizer vsftpd proftpd bind bind-utils bind-libs exim dovecot - clamd spamassassin roundcubemail mysql mysql-server phpMyAdmin postgresql - postgresql-server postgresql-contrib phpPgAdmin e2fsprogs openssh-clients - ImageMagick curl mc screen ftp zip unzip flex sqlite pcre sudo bc jwhois - mailx lsof tar telnet rrdtool net-tools ntp GeoIP freetype fail2ban - which vesta vesta-nginx vesta-php vim-common expect vesta-ioncube - vesta-softaculous" +# Defining software pack for all distros +software="awstats bc bind bind-libs bind-utils clamav-server clamav-update + curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd + ImageMagick iptables-services jwhois lsof mailx mariadb mariadb-server mc + mod_fcgid mod_ruid2 mod_ssl net-tools nginx ntp openssh-clients pcre php + php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring + php-mcrypt phpMyAdmin php-mysql php-pdo phpPgAdmin php-pgsql php-soap + php-tidy php-xml php-xmlrpc postgresql postgresql-contrib + postgresql-server proftpd roundcubemail rrdtool rsyslog screen + spamassassin sqlite sudo tar telnet unzip vesta vesta-ioncube vesta-nginx + vesta-php vesta-softaculous vim-common vsftpd webalizer which zip" + +# Fix for old releases +if [ "$release" -lt 7 ]; then + software=$(echo "$software" |sed -e "s/mariadb/mysql/") + software=$(echo "$software" |sed -e "s/clamav-server/clamd/") + software=$(echo "$software" |sed -e "s/clamav-update//") + software=$(echo "$software" |sed -e "s/iptables-services//") + software="$software mod_extract_forwarded" fi # Defining help function @@ -105,7 +102,7 @@ set_default_value() { fi } -# Define function to set default language value +# Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 @@ -125,9 +122,6 @@ set_default_lang() { # Verifications # #----------------------------------------------------------# -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - # Translating argument to --gnu-long-options for arg; do delim="" @@ -239,7 +233,6 @@ if [ "$iptables" = 'no' ]; then fail2ban='no' fi - # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then check_result 1 "Script can be run executed only by root" @@ -260,16 +253,18 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/GPG.txt" -O /dev/null +wget -q "c.vestacp.com/GPG.txt" -O /dev/null check_result $? "No access to Vesta repository" # Checking installed packages +tmpfile=$(mktemp -p /tmp) rpm -qa > $tmpfile for pkg in exim mysql-server httpd nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done +rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo @@ -290,7 +285,7 @@ fi # Brief Info # #----------------------------------------------------------# -# Printing nice ascii as logo +# Printing nice ASCII logo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' @@ -302,7 +297,7 @@ echo echo ' Vesta Control Panel' echo -e "\n\n" -echo 'Following software will be installed on your system:' +echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then @@ -323,16 +318,16 @@ if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi -# Mail Stack +# Mail stack if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' + echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' + echo -n 'ClamAV ' fi if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' + echo -n 'SpamAssassin' fi fi echo @@ -341,9 +336,9 @@ if [ "$exim" = 'yes' ]; then fi fi -# DB stack +# Database stack if [ "$mysql" = 'yes' ]; then - if [ $release = 7 ]; then + if [ $release -ge 7 ]; then echo ' - MariaDB Database Server' else echo ' - MySQL Database Server' @@ -393,7 +388,7 @@ if [ "$interactive" = 'yes' ]; then # Asking to set FQDN hostname if [ -z "$servername" ]; then - read -p "Please enter FQDN hostname [$(hostname)]: " servername + read -p "Please enter FQDN hostname [$(hostname -f)]: " servername fi fi @@ -448,10 +443,10 @@ fi #----------------------------------------------------------# -# Install repositories # +# Install repository # #----------------------------------------------------------# -# Updating system packages +# Updating system yum -y update check_result $? 'yum update failed' @@ -460,8 +455,8 @@ yum install epel-release -y check_result $? "Can't install EPEL repository" # Installing Remi repository -if [ "$remi" = 'yes' ]; then - rpm -Uvh --force $vestacp/remi-release.rpm +if [ "$remi" = 'yes' ] && [ ! -e "/etc/yum.repos.d/remi.repo" ]; then + rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-$release.rpm check_result $? "Can't install REMI repository" sed -i "s/enabled=0/enabled=1/g" /etc/yum.repos.d/remi.repo fi @@ -482,7 +477,7 @@ echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo echo "enabled=1" >> $vrepo echo "gpgcheck=1" >> $vrepo echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo -wget $vestacp/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA +wget c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA #----------------------------------------------------------# @@ -495,53 +490,53 @@ cd $vst_backups mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ spamassassin mysql postgresql mongodb vesta -# Backing up Nginx configuration +# Backup Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 -# Backing up Apache configuration +# Backup Apache configuration service httpd stop > /dev/null 2>&1 cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 -# Backing up PHP configuration +# Backup PHP-FPM configuration service php-fpm stop >/dev/null 2>&1 cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 -# Backing up Bind configuration +# Backup Bind configuration yum remove bind-chroot > /dev/null 2>&1 service named stop > /dev/null 2>&1 cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 -# Backing up Vsftpd configuration +# Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 -# Backing up ProFTPD configuration +# Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 -# Backing up Exim configuration +# Backup Exim configuration service exim stop > /dev/null 2>&1 cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 -# Backing up ClamAV configuration +# Backup ClamAV configuration service clamd stop > /dev/null 2>&1 cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 -# Backing up SpamAssassin configuration +# Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 -# Backing up Dovecot configuration +# Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 service mysqld stop > /dev/null 2>&1 service mariadb stop > /dev/null 2>&1 @@ -550,18 +545,18 @@ cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service postgresql stop > /dev/null 2>&1 mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 -# Backing up Vesta configuration and data +# Backup Vesta service vesta stop > /dev/null 2>&1 mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 #----------------------------------------------------------# -# Package Exludes # +# Package Excludes # #----------------------------------------------------------# # Excluding packages @@ -636,17 +631,17 @@ fi #----------------------------------------------------------# # Installing rpm packages -#if [ "$remi" = 'yes' ]; then -# yum -y --disablerepo=* \ -# --enablerepo="*base,*updates,nginx,epel,vesta,remi*" \ -# install $software -#else -# yum -y --disablerepo=* --enablerepo="*base,*updates,nginx,epel,vesta" \ -# install $software -#fi - -# Temporary fix for centos vault issue -yum install $software +yum install -y $software +if [ $? -ne 0 ]; then + if [ "$remi" = 'yes' ]; then + yum -y --disablerepo=* \ + --enablerepo="*base,*updates,nginx,epel,vesta,remi*" \ + install $software + else + yum -y --disablerepo=* --enablerepo="*base,*updates,nginx,epel,vesta" \ + install $software + fi +fi check_result $? "yum install failed" @@ -674,7 +669,7 @@ if [ -e '/etc/sysconfig/selinux' ]; then setenforce 0 2>/dev/null fi -# Disable iptables +# Disablng iptables service iptables stop # Configuring NTP synchronization @@ -691,7 +686,7 @@ adduser backup 2>/dev/null ln -sf /home/backup /backup chmod a+x /backup -# Chaning default directory color +# Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Changing default systemd interval @@ -707,9 +702,9 @@ fi # Configure VESTA # #----------------------------------------------------------# -# Downlading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -721,9 +716,9 @@ echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile # Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ -# Buidling directory tree and creating some blank files for vesta +# Building directory tree and creating some blank files for Vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions @@ -737,14 +732,13 @@ chmod 660 $VESTA/log/* rm -f /var/log/vesta ln -s $VESTA/log /var/log/vesta chmod 770 $VESTA/data/sessions -chown admin:admin $VESTA/data/sessions -# Generating vesta configuration +# Generating Vesta configuration rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf -# WEB stack +# Web stack if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf @@ -802,7 +796,7 @@ if [ "$exim" = 'yes' ]; then fi fi -# CRON daemon +# Cron daemon echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf # Firewall stack @@ -827,26 +821,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/html/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/html/ sed -i 's/%domain%/It worked!/g' /var/www/html/index.html -# Downloading firewall rules -chkconfig firewalld off >/dev/null 2>&1 -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -875,16 +861,16 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/nginx.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/nginx.service.d cd /etc/systemd/system/nginx.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -894,7 +880,7 @@ if [ "$nginx" = 'yes' ]; then check_result $? "nginx start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 3 && service nginx restart" >> /etc/rc.local fi @@ -906,29 +892,30 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - cd /etc/httpd - wget $vestacp/httpd/httpd.conf -O conf/httpd.conf - wget $vestacp/httpd/status.conf -O conf.d/status.conf - wget $vestacp/httpd/ssl.conf -O conf.d/ssl.conf - wget $vestacp/httpd/ruid2.conf -O conf.d/ruid2.conf - wget $vestacp/logrotate/httpd -O /etc/logrotate.d/httpd - if [ $release -ne 7 ]; then - echo "MEFaccept 127.0.0.1" >> conf.d/mod_extract_forwarded.conf - echo > conf.d/proxy_ajp.conf + cp -f $vestacp/httpd/httpd.conf /etc/httpd/conf/ + cp -f $vestacp/httpd/status.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ + cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ + cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ + if [ $release -lt 7 ]; then + cd /etc/httpd/conf.d + echo "MEFaccept 127.0.0.1" >> mod_extract_forwarded.conf + echo > proxy_ajp.conf fi - if [ -e "conf.modules.d/00-dav.conf" ]; then - sed -i "s/^/#/" conf.modules.d/00-dav.conf conf.modules.d/00-lua.conf - sed -i "s/^/#/" conf.modules.d/00-proxy.conf + if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then + sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-dav.conf + sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-lua.conf + sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-proxy.conf fi - echo > conf.d/vesta.conf - touch logs/access_log logs/error_log logs/error_log logs/suexec.log - chmod 640 logs/access_log logs/error_log logs/error_log logs/suexec.log + echo > /etc/httpd/conf.d/vesta.conf + touch /etc/httpd/logs/access_log /etc/httpd/logs/error_log + chmod 640 /etc/httpd/logs/access_log /etc/httpd/logs/error_log chmod -f 777 /var/lib/php/session chmod a+x /var/log/httpd mkdir -p /var/log/httpd/domains chmod 751 /var/log/httpd/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/httpd.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/httpd.service.d cd /etc/systemd/system/httpd.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -938,7 +925,7 @@ if [ "$apache" = 'yes' ]; then check_result $? "httpd start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 2 && service httpd restart" >> /etc/rc.local fi @@ -950,7 +937,7 @@ fi #----------------------------------------------------------# if [ "$phpfpm" = 'yes' ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php-fpm.d/www.conf + cp -f $vestacp/php-fpm/www.conf /etc/php-fpm.d/ chkconfig php-fpm on service php-fpm start check_result $? "php-fpm start failed" @@ -975,17 +962,14 @@ done #----------------------------------------------------------# -# Configure VSFTPD # +# Configure Vsftpd # #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/vsftpd/ chkconfig vsftpd on service vsftpd start check_result $? "vsftpd start failed" - - # To be deleted after release 0.9.8-18 - echo "/sbin/nologin" >> /etc/shells fi @@ -994,7 +978,7 @@ fi #----------------------------------------------------------# if [ "$proftpd" = 'yes' ]; then - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/ chkconfig proftpd on service proftpd start check_result $? "proftpd start failed" @@ -1019,13 +1003,13 @@ if [ "$mysql" = 'yes' ]; then chown mysql:mysql /var/lib/mysql mkdir -p /etc/my.cnf.d - if [ $release -ne 7 ]; then + if [ $release -lt 7 ]; then service='mysqld' else service='mariadb' fi - wget $vestacp/$service/$mycnf -O /etc/my.cnf + cp -f $vestacp/$service/$mycnf /etc/my.cnf chkconfig $service on service $service start if [ "$?" -ne 0 ]; then @@ -1049,9 +1033,9 @@ if [ "$mysql" = 'yes' ]; then # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/phpMyAdmin.conf -O /etc/httpd/conf.d/phpMyAdmin.conf + cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi - wget $vestacp/pma/config.inc.conf -O /etc/phpMyAdmin/config.inc.php + cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/ sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php fi @@ -1061,23 +1045,23 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - if [ $release = 5 ]; then + if [ $release -eq 5 ]; then service postgresql start sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" service postgresql stop - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start else service postgresql initdb - wget $vestacp/postgresql/pg_hba.conf -O /var/lib/pgsql/data/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phpPgAdmin.conf -O /etc/httpd/conf.d/phpPgAdmin.conf + cp -f $vestacp/pga/phpPgAdmin.conf /etc/httpd/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phpPgAdmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phpPgAdmin/ fi @@ -1086,7 +1070,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/named/named.conf -O /etc/named.conf + cp -f $vestacp/named/named.conf /etc/ chown root:named /etc/named.conf chmod 640 /etc/named.conf chkconfig named on @@ -1101,9 +1085,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a exim mail - wget $vestacp/exim/exim.conf -O /etc/exim/exim.conf - wget $vestacp/exim/dnsbl.conf -O /etc/exim/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim/spam-blocks.conf + cp -f $vestacp/exim/exim.conf /etc/exim/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim/ touch /etc/exim/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1136,12 +1120,8 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* chkconfig dovecot on service dovecot start @@ -1157,19 +1137,17 @@ if [ "$clamd" = 'yes' ]; then useradd clam -s /sbin/nologin -d /var/lib/clamav 2>/dev/null gpasswd -a clam exim gpasswd -a clam mail - wget $vestacp/clamav/clamd.conf -O /etc/clamd.conf - wget $vestacp/clamav/freshclam.conf -O /etc/freshclam.conf - mkdir -p /var/log/clamav - mkdir -p /var/run/clamav + cp -f $vestacp/clamav/clamd.conf /etc/ + cp -f $vestacp/clamav/freshclam.conf /etc/ + mkdir -p /var/log/clamav /var/run/clamav chown clam:clam /var/log/clamav /var/run/clamav chown -R clam:clam /var/lib/clamav - if [ "$release" -eq '7' ]; then - wget $vestacp/clamav/clamd.service -O \ - /usr/lib/systemd/system/clamd.service + if [ "$release" -ge '7' ]; then + cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ systemctl --system daemon-reload fi /usr/bin/freshclam - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service systemctl daemon-reload fi @@ -1187,7 +1165,7 @@ if [ "$spamd" = 'yes' ]; then chkconfig spamassassin on service spamassassin start check_result $? "spamassassin start failed" - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then groupadd -g 1001 spamd useradd -u 1001 -g spamd -s /sbin/nologin -d \ /var/lib/spamassassin spamd @@ -1203,15 +1181,13 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/roundcubemail.conf \ - -O /etc/httpd/conf.d/roundcubemail.conf + cp -f $vestacp/roundcube/roundcubemail.conf /etc/httpd/conf.d/ fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcubemail/config.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcubemail/config.inc.php cd /usr/share/roundcubemail/plugins/password - wget $vestacp/roundcube/vesta.php -O drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O config.inc.php - sed -i "s/localhost/$servername/g" \ - /usr/share/roundcubemail/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php drivers/vesta.php + cp -f $vestacp/roundcube/config.inc.php config.inc.php + sed -i "s/localhost/$servername/g" config.inc.php chmod a+r /etc/roundcubemail/* chmod -f 777 /var/log/roundcubemail r="$(gen_pass)" @@ -1234,10 +1210,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1256,9 +1229,9 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local - fi + fi chkconfig fail2ban on - /bin/mkdir -p /var/run/fail2ban + mkdir -p /var/run/fail2ban if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ @@ -1286,37 +1259,38 @@ if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Adding vesta account +# Adding Vesta admin account $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang -# Configuring system ips +# Configuring system IPs $VESTA/bin/v-update-sys-ip -# Get main ip +# Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Firewall configuration +# Configuring firewall if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall fi -# Get public ip +# Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then + echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local $VESTA/bin/v-change-sys-ip-nat $ip $pub_ip ip=$pub_ip fi -# Configuring mysql host +# Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then $VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi -# Configuring pgsql host +# Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql @@ -1324,8 +1298,8 @@ fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" +# Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" @@ -1342,7 +1316,7 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service crond restart -# Building initial rrd images +# Building RRD images $VESTA/bin/v-update-sys-rrd # Enabling file system quota @@ -1355,7 +1329,7 @@ if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi -# Starting vesta service +# Starting Vesta service chkconfig vesta on service vesta start check_result $? "vesta start failed" @@ -1375,8 +1349,8 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Sending install notification to vestacp.com wget vestacp.com/notify/?$codename -O /dev/null -q -# Comparing hostname and ip -host_ip=$(host $servername| head -n 1 | awk '{print $NF}') +# Comparing hostname and IP +host_ip=$(host $servername| head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi From 5fc8339a8d8334beee6e14bb4a6553edceed5f88 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 21 Jun 2018 18:01:24 +0300 Subject: [PATCH 043/140] cosmetic fixes for CentOS and Amazon installers --- install/vst-install-amazon.sh | 61 +++++++++++++++++------------------ install/vst-install-rhel.sh | 18 +++++------ 2 files changed, 39 insertions(+), 40 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index f1fe62c7..be8d13e3 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -18,6 +18,7 @@ release='6' codename="${os}_$release" vestacp="$VESTA/install/$VERSION/$release" +# Defining software pack for all distros software="nginx httpd mod_ssl mod_ruid2 mod_fcgid mod_extract_forwarded php php-common php-cli php-bcmath php-gd php-imap php-mbstring php-mcrypt php-mysql php-pdo php-soap php-tidy php-xml php-xmlrpc php-fpm php-pgsql @@ -92,7 +93,7 @@ set_default_value() { fi } -# Define function to set default language value +# Defining function to set default language value set_default_lang() { if [ -z "$lang" ]; then eval lang=$1 @@ -112,9 +113,6 @@ set_default_lang() { # Verifications # #----------------------------------------------------------# -# Creating temporary file -tmpfile=$(mktemp -p /tmp) - # Translating argument to --gnu-long-options for arg; do delim="" @@ -226,7 +224,6 @@ if [ "$iptables" = 'no' ]; then fail2ban='no' fi - # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then check_result 1 "Script can be run executed only by root" @@ -247,16 +244,18 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "http://c.vestacp.com/GPG.txt" -O /dev/null +wget -q "c.vestacp.com/GPG.txt" -O /dev/null check_result $? "No access to Vesta repository" # Checking installed packages +tmpfile=$(mktemp -p /tmp) rpm -qa > $tmpfile for pkg in exim mysql-server httpd nginx vesta; do if [ ! -z "$(grep $pkg $tmpfile)" ]; then conflicts="$pkg $conflicts" fi done +rm -f $tmpfile if [ ! -z "$conflicts" ] && [ -z "$force" ]; then echo '!!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!! !!!' echo @@ -277,7 +276,7 @@ fi # Brief Info # #----------------------------------------------------------# -# Printing nice ascii as logo +# Printing nice ASCII logo clear echo echo ' _| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|' @@ -289,7 +288,7 @@ echo echo ' Vesta Control Panel' echo -e "\n\n" -echo 'Following software will be installed on your system:' +echo 'The following software will be installed on your system:' # Web stack if [ "$nginx" = 'yes' ]; then @@ -310,16 +309,16 @@ if [ "$named" = 'yes' ]; then echo ' - Bind DNS Server' fi -# Mail Stack +# Mail stack if [ "$exim" = 'yes' ]; then - echo -n ' - Exim mail server' + echo -n ' - Exim Mail Server' if [ "$clamd" = 'yes' ] || [ "$spamd" = 'yes' ] ; then echo -n ' + ' if [ "$clamd" = 'yes' ]; then - echo -n 'Antivirus ' + echo -n 'ClamAV ' fi if [ "$spamd" = 'yes' ]; then - echo -n 'Antispam' + echo -n 'SpamAssassin' fi fi echo @@ -328,9 +327,9 @@ if [ "$exim" = 'yes' ]; then fi fi -# DB stack +# Database stack if [ "$mysql" = 'yes' ]; then - if [ $release = 7 ]; then + if [ $release -ge 7 ]; then echo ' - MariaDB Database Server' else echo ' - MySQL Database Server' @@ -438,7 +437,7 @@ fi # Install repositories # #----------------------------------------------------------# -# Updating system packages +# Updating system yum -y update check_result $? 'yum update failed' @@ -463,7 +462,7 @@ echo "baseurl=http://$RHOST/$REPO/$release/\$basearch/" >> $vrepo echo "enabled=1" >> $vrepo echo "gpgcheck=1" >> $vrepo echo "gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA" >> $vrepo -wget http://c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA +wget c.vestacp.com/GPG.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-VESTA #----------------------------------------------------------# @@ -476,53 +475,53 @@ cd $vst_backups mkdir nginx httpd php php-fpm vsftpd proftpd named exim dovecot clamd \ spamassassin mysql postgresql mongodb vesta -# Backing up Nginx configuration +# Backup Nginx configuration service nginx stop > /dev/null 2>&1 cp -r /etc/nginx/* $vst_backups/nginx > /dev/null 2>&1 -# Backing up Apache configuration +# Backup Apache configuration service httpd stop > /dev/null 2>&1 cp -r /etc/httpd/* $vst_backups/httpd > /dev/null 2>&1 -# Backing up PHP configuration +# Backup PHP-FPM configuration service php-fpm stop >/dev/null 2>&1 cp /etc/php.ini $vst_backups/php > /dev/null 2>&1 cp -r /etc/php.d $vst_backups/php > /dev/null 2>&1 cp /etc/php-fpm.conf $vst_backups/php-fpm > /dev/null 2>&1 mv -f /etc/php-fpm.d/* $vst_backups/php-fpm/ > /dev/null 2>&1 -# Backing up Bind configuration +# Backup Bind configuration yum remove bind-chroot > /dev/null 2>&1 service named stop > /dev/null 2>&1 cp /etc/named.conf $vst_backups/named >/dev/null 2>&1 -# Backing up Vsftpd configuration +# Backup Vsftpd configuration service vsftpd stop > /dev/null 2>&1 cp /etc/vsftpd/vsftpd.conf $vst_backups/vsftpd >/dev/null 2>&1 -# Backing up ProFTPD configuration +# Backup ProFTPD configuration service proftpd stop > /dev/null 2>&1 cp /etc/proftpd.conf $vst_backups/proftpd >/dev/null 2>&1 -# Backing up Exim configuration +# Backup Exim configuration service exim stop > /dev/null 2>&1 cp -r /etc/exim/* $vst_backups/exim >/dev/null 2>&1 -# Backing up ClamAV configuration +# Backup ClamAV configuration service clamd stop > /dev/null 2>&1 cp /etc/clamd.conf $vst_backups/clamd >/dev/null 2>&1 cp -r /etc/clamd.d $vst_backups/clamd >/dev/null 2>&1 -# Backing up SpamAssassin configuration +# Backup SpamAssassin configuration service spamassassin stop > /dev/null 2>&1 cp -r /etc/mail/spamassassin/* $vst_backups/spamassassin >/dev/null 2>&1 -# Backing up Dovecot configuration +# Backup Dovecot configuration service dovecot stop > /dev/null 2>&1 cp /etc/dovecot.conf $vst_backups/dovecot > /dev/null 2>&1 cp -r /etc/dovecot/* $vst_backups/dovecot > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service mysql stop > /dev/null 2>&1 service mysqld stop > /dev/null 2>&1 service mariadb stop > /dev/null 2>&1 @@ -531,18 +530,18 @@ cp /etc/my.cnf $vst_backups/mysql > /dev/null 2>&1 cp /etc/my.cnf.d $vst_backups/mysql > /dev/null 2>&1 mv /root/.my.cnf $vst_backups/mysql > /dev/null 2>&1 -# Backing up MySQL/MariaDB configuration and data +# Backup MySQL/MariaDB configuration and data service postgresql stop > /dev/null 2>&1 mv /var/lib/pgsql/data $vst_backups/postgresql/ >/dev/null 2>&1 -# Backing up Vesta configuration and data +# Backup Vesta service vesta stop > /dev/null 2>&1 mv $VESTA/data/* $vst_backups/vesta > /dev/null 2>&1 mv $VESTA/conf/* $vst_backups/vesta > /dev/null 2>&1 #----------------------------------------------------------# -# Package Exludes # +# Package Excludes # #----------------------------------------------------------# # Excluding packages @@ -652,7 +651,7 @@ if [ -e '/etc/sysconfig/selinux' ]; then setenforce 0 2>/dev/null fi -# Disable iptables +# Disabling iptables service iptables stop # Configuring NTP synchronization diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 07df0713..473332ed 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -669,7 +669,7 @@ if [ -e '/etc/sysconfig/selinux' ]; then setenforce 0 2>/dev/null fi -# Disablng iptables +# Disabling iptables service iptables stop # Configuring NTP synchronization @@ -903,13 +903,13 @@ if [ "$apache" = 'yes' ]; then echo > proxy_ajp.conf fi if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then - sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-dav.conf - sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-lua.conf - sed -i "s/^/#/" /etc/httpd/conf.modules.d/00-proxy.conf + cd /etc/httpd/conf.modules.d + sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf fi echo > /etc/httpd/conf.d/vesta.conf - touch /etc/httpd/logs/access_log /etc/httpd/logs/error_log - chmod 640 /etc/httpd/logs/access_log /etc/httpd/logs/error_log + cd /var/log/httpd + touch access_log error_log suexec.log + chmod 640 access_log error_log suexec.log chmod -f 777 /var/lib/php/session chmod a+x /var/log/httpd mkdir -p /var/log/httpd/domains @@ -1035,7 +1035,7 @@ if [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi - cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/ + cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php fi @@ -1324,7 +1324,7 @@ if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Enabling softaculous plugin +# Enabling Softaculous plugin if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi @@ -1350,7 +1350,7 @@ $VESTA/bin/v-add-cron-vesta-autoupdate wget vestacp.com/notify/?$codename -O /dev/null -q # Comparing hostname and IP -host_ip=$(host $servername| head -n 1 |awk '{print $NF}') +host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" fi From f4751a4e9709ce77fb1aba6426428c7891629c21 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 21 Jun 2018 18:11:09 +0300 Subject: [PATCH 044/140] Updated Amazon installer --- install/vst-install-amazon.sh | 75 +++++++++++++++++------------------ 1 file changed, 37 insertions(+), 38 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index be8d13e3..899d4cd8 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -668,7 +668,7 @@ adduser backup 2>/dev/null ln -sf /home/backup /backup chmod a+x /backup -# Chaning default directory color +# Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile # Changing default systemd interval @@ -684,7 +684,7 @@ fi # Configure VESTA # #----------------------------------------------------------# -# Downlading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin @@ -700,7 +700,7 @@ source /root/.bash_profile # Configuring logrotate for vesta logs cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ -# Buidling directory tree and creating some blank files for vesta +# Building directory tree and creating some blank files for vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ $VESTA/data/queue $VESTA/data/users $VESTA/data/firewall \ $VESTA/data/sessions @@ -720,7 +720,7 @@ rm -f $VESTA/conf/vesta.conf 2>/dev/null touch $VESTA/conf/vesta.conf chmod 660 $VESTA/conf/vesta.conf -# WEB stack +# Web stack if [ "$apache" = 'yes' ] && [ "$nginx" = 'no' ] ; then echo "WEB_SYSTEM='httpd'" >> $VESTA/conf/vesta.conf echo "WEB_RGROUPS='apache'" >> $VESTA/conf/vesta.conf @@ -778,7 +778,7 @@ if [ "$exim" = 'yes' ]; then fi fi -# CRON daemon +# Cron daemon echo "CRON_SYSTEM='crond'" >> $VESTA/conf/vesta.conf # Firewall stack @@ -835,7 +835,6 @@ sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt sed -n "$key_start,${key_end}p" /tmp/vst.pem > certificate.key chown root:mail $VESTA/ssl/* chmod 660 $VESTA/ssl/* -chmod u+s /usr/bin/find rm /tmp/vst.pem @@ -853,8 +852,8 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/nginx.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/nginx.service.d cd /etc/systemd/system/nginx.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -864,7 +863,7 @@ if [ "$nginx" = 'yes' ]; then check_result $? "nginx start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 3 && service nginx restart" >> /etc/rc.local fi @@ -881,11 +880,12 @@ if [ "$apache" = 'yes' ]; then cp -f $vestacp/httpd/ssl.conf /etc/httpd/conf.d/ cp -f $vestacp/httpd/ruid2.conf /etc/httpd/conf.d/ cp -f $vestacp/logrotate/httpd /etc/logrotate.d/ - if [ $release -ne 7 ]; then - echo "MEFaccept 127.0.0.1" >> /etc/httpd/conf.d/mod_extract*.conf - echo > /etc/httpd/conf.d/proxy_ajp.conf + if [ $release -lt 7 ]; then + cd /etc/httpd/conf.d + echo "MEFaccept 127.0.0.1" >> mod_extract_forwarded.conf + echo > proxy_ajp.conf fi - if [ -e "conf.modules.d/00-dav.conf" ]; then + if [ -e "/etc/httpd/conf.modules.d/00-dav.conf" ]; then cd /etc/httpd/conf.modules.d sed -i "s/^/#/" 00-dav.conf 00-lua.conf 00-proxy.conf fi @@ -897,8 +897,8 @@ if [ "$apache" = 'yes' ]; then chmod a+x /var/log/httpd mkdir -p /var/log/httpd/domains chmod 751 /var/log/httpd/domains - if [ "$release" -eq 7 ]; then - mkdir /etc/systemd/system/httpd.service.d + if [ "$release" -ge 7 ]; then + mkdir -p /etc/systemd/system/httpd.service.d cd /etc/systemd/system/httpd.service.d echo "[Service]" > limits.conf echo "LimitNOFILE=500000" >> limits.conf @@ -908,7 +908,7 @@ if [ "$apache" = 'yes' ]; then check_result $? "httpd start failed" # Workaround for OpenVZ/Virtuozzo - if [ "$release" -eq '7' ] && [ -e "/proc/vz/veinfo" ]; then + if [ "$release" -ge '7' ] && [ -e "/proc/vz/veinfo" ]; then echo "#Vesta: workraround for networkmanager" >> /etc/rc.local echo "sleep 2 && service httpd restart" >> /etc/rc.local fi @@ -945,7 +945,7 @@ done #----------------------------------------------------------# -# Configure VSFTPD # +# Configure Vsftpd # #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then @@ -989,7 +989,7 @@ if [ "$mysql" = 'yes' ]; then chown mysql:mysql /var/lib/mysql mkdir -p /etc/my.cnf.d - if [ $release -ne 7 ]; then + if [ $release -lt 7 ]; then service='mysqld' else service='mariadb' @@ -1031,7 +1031,7 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then - if [ $release = 5 ]; then + if [ $release -eq 5 ]; then service postgresql start sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" service postgresql stop @@ -1125,16 +1125,15 @@ if [ "$clamd" = 'yes' ]; then gpasswd -a clam mail cp -f $vestacp/clamav/clamd.conf /etc/ cp -f $vestacp/clamav/freshclam.conf /etc/ - mkdir -p /var/log/clamav - mkdir -p /var/run/clamav + mkdir -p /var/log/clamav /var/run/clamav chown clam:clam /var/log/clamav /var/run/clamav chown -R clam:clam /var/lib/clamav - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then cp -f $vestacp/clamav/clamd.service /usr/lib/systemd/system/ systemctl --system daemon-reload fi /usr/bin/freshclam - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then sed -i "s/nofork/foreground/" /usr/lib/systemd/system/clamd.service systemctl daemon-reload fi @@ -1152,7 +1151,7 @@ if [ "$spamd" = 'yes' ]; then chkconfig spamassassin on service spamassassin start check_result $? "spamassassin start failed" - if [ "$release" -eq '7' ]; then + if [ "$release" -ge '7' ]; then groupadd -g 1001 spamd useradd -u 1001 -g spamd -s /sbin/nologin -d \ /var/lib/spamassassin spamd @@ -1216,9 +1215,9 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local - fi + fi chkconfig fail2ban on - /bin/mkdir -p /var/run/fail2ban + mkdir -p /var/run/fail2ban if [ -e "/usr/lib/systemd/system/fail2ban.service" ]; then exec_pre='ExecStartPre=/bin/mkdir -p /var/run/fail2ban' sed -i "s|\[Service\]|[Service]\n$exec_pre|g" \ @@ -1246,24 +1245,24 @@ if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then groupdel admin > /dev/null 2>&1 fi -# Adding vesta account +# Adding Vesta admin account $VESTA/bin/v-add-user admin $vpass $email default System Administrator check_result $? "can't create admin user" $VESTA/bin/v-change-user-shell admin bash $VESTA/bin/v-change-user-language admin $lang -# Configuring system ips +# Configuring system IPs $VESTA/bin/v-update-sys-ip -# Get main ip +# Get main IP ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) -# Firewall configuration +# Configuring firewall if [ "$iptables" = 'yes' ]; then $VESTA/bin/v-update-firewall fi -# Get public ip +# Get public IP pub_ip=$(curl -s vestacp.com/what-is-my-ip/) if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then echo "$VESTA/bin/v-update-sys-ip" >> /etc/rc.local @@ -1271,13 +1270,13 @@ if [ ! -z "$pub_ip" ] && [ "$pub_ip" != "$ip" ]; then ip=$pub_ip fi -# Configuring mysql host +# Configuring MySQL host if [ "$mysql" = 'yes' ]; then $VESTA/bin/v-add-database-host mysql localhost root $vpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi -# Configuring pgsql host +# Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql @@ -1285,8 +1284,8 @@ fi # Adding default domain $VESTA/bin/v-add-domain admin $servername -check_result $? "can't create $servername domain" +# Adding cron jobs command="sudo $VESTA/bin/v-update-sys-queue disk" $VESTA/bin/v-add-cron-job 'admin' '15' '02' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-queue traffic" @@ -1303,7 +1302,7 @@ command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" service crond restart -# Building initial rrd images +# Building RRD images $VESTA/bin/v-update-sys-rrd # Enabling file system quota @@ -1311,12 +1310,12 @@ if [ "$quota" = 'yes' ]; then $VESTA/bin/v-add-sys-quota fi -# Enabling softaculous plugin +# Enabling Softaculous plugin if [ "$softaculous" = 'yes' ]; then $VESTA/bin/v-add-vesta-softaculous fi -# Starting vesta service +# Starting Vesta service chkconfig vesta on service vesta start check_result $? "vesta start failed" @@ -1336,7 +1335,7 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Sending install notification to vestacp.com wget vestacp.com/notify/?$codename -O /dev/null -q -# Comparing hostname and ip +# Comparing hostname and IP host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then ip="$servername" From b6e26ac4791ce1e2a374b4622481610db75cc287 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 22 Jun 2018 16:55:52 +0300 Subject: [PATCH 045/140] Fixed mysql-server package replacement --- install/vst-install-rhel.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 473332ed..e529ff65 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -32,7 +32,7 @@ software="awstats bc bind bind-libs bind-utils clamav-server clamav-update # Fix for old releases if [ "$release" -lt 7 ]; then - software=$(echo "$software" |sed -e "s/mariadb/mysql/") + software=$(echo "$software" |sed -e "s/mariadb/mysql/g") software=$(echo "$software" |sed -e "s/clamav-server/clamd/") software=$(echo "$software" |sed -e "s/clamav-update//") software=$(echo "$software" |sed -e "s/iptables-services//") @@ -956,7 +956,7 @@ if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i "s|;date.timezone =|date.timezone = $ZONE|g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done From ca3a9e0895c5aa2fe8c273c08f09438fb0b23e9a Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Sun, 24 Jun 2018 10:38:16 +0300 Subject: [PATCH 046/140] Security fix for API hash check --- web/api/index.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/api/index.php b/web/api/index.php index 3cf0ec2d..80f72b99 100644 --- a/web/api/index.php +++ b/web/api/index.php @@ -58,6 +58,8 @@ if (isset($_POST['user']) || isset($_POST['hash'])) { echo 'Error: authentication failed'; exit; } + } else { + $return_var = 1; } } From ece8efd5053d56d3d25c231bd40449aa3ce29d68 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Sun, 24 Jun 2018 10:42:43 +0300 Subject: [PATCH 047/140] 0.9.8-22 --- src/deb/vesta/control | 2 +- src/rpm/specs/vesta.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/deb/vesta/control b/src/deb/vesta/control index b45b2f74..028a4e41 100644 --- a/src/deb/vesta/control +++ b/src/deb/vesta/control @@ -1,7 +1,7 @@ Source: vesta Package: vesta Priority: optional -Version: 0.9.8-21 +Version: 0.9.8-22 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index ea94eebd..58359da0 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -1,6 +1,6 @@ Name: vesta Version: 0.9.8 -Release: 21 +Release: 22 Summary: Vesta Control Panel Group: System Environment/Base License: GPL From 7f3e7d5b6372ec6793cf5ff1571793439cf4266f Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Sun, 24 Jun 2018 19:12:43 +0300 Subject: [PATCH 048/140] ip.sh include missing --- bin/v-update-sys-ip | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-update-sys-ip b/bin/v-update-sys-ip index 8c0da087..7360b07f 100755 --- a/bin/v-update-sys-ip +++ b/bin/v-update-sys-ip @@ -16,6 +16,7 @@ source /etc/profile # Includes source $VESTA/func/main.sh +source $VESTA/func/ip.sh source $VESTA/conf/vesta.conf From 397cf699bb5613015c62f526866a0bd3d1506e6c Mon Sep 17 00:00:00 2001 From: Clark Chen Date: Mon, 25 Jun 2018 15:07:33 +0800 Subject: [PATCH 049/140] Update tw.php --- web/inc/i18n/tw.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 02b5a29a..499d0ec4 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -573,7 +573,7 @@ $LANG['tw'] = array( 'Current Number Of Databases' => '目前的資料庫數量', 'Local backup' => '本機備份', 'Compression level' => '壓縮等級', - 'Directory' => 'Directory', + 'Directory' => '路徑', 'Remote backup' => '遠端備份', 'ftp' => 'FTP', 'sftp' => 'SFTP', @@ -740,14 +740,14 @@ $LANG['tw'] = array( 'webalizer' => 'webalizer', 'awstats' => 'awstats', - 'Vesta SSL' => 'Vesta SSL', - 'SUBJECT' => 'SUBJECT', - 'ALIASES' => 'ALIASES', - 'NOT_BEFORE' => 'NOT_BEFORE', - 'NOT_AFTER' => 'NOT_AFTER', - 'SIGNATURE' => 'SIGNATURE', - 'PUB_KEY' => 'PUB_KEY', - 'ISSUER' => 'ISSUER', + 'Vesta SSL' => 'Vesta後台 SSL', + 'SUBJECT' => '主體名稱', + 'ALIASES' => '主體別名', + 'NOT_BEFORE' => '有效期自', + 'NOT_AFTER' => '有效期到', + 'SIGNATURE' => '簽章演算法', + 'PUB_KEY' => '公開金鑰', + 'ISSUER' => '簽發者', 'Use server hostname' => '使用伺服器主機名稱', 'Use domain hostname' => '使用網域主機名稱', @@ -758,5 +758,5 @@ $LANG['tw'] = array( 'maximum characters length, including prefix' => '最多 %s 字元(包含前綴)', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => '信箱登入資訊', ); From bffeed57396279c105a2698c6ffc83c3e1d79969 Mon Sep 17 00:00:00 2001 From: Clark Chen Date: Mon, 25 Jun 2018 15:10:04 +0800 Subject: [PATCH 050/140] Update tw.php --- web/inc/i18n/tw.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 499d0ec4..4f493eb5 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -2,10 +2,6 @@ /** * Vesta language file * This language file is translate by - * Peter Dave Hello Blog (https://www.peterdavehello.org) - * Peter Dave Hello GitHub (https://github.com/PeterDaveHello) - * Peter Dave Hello Twitter (https://twitter.com/PeterDaveHello) - * Clark's Computer Knowledge Journal (https://www.clark-chen.com) * Clark's Hosting Service (https://host.clark-chen.com) * Clark Chen (clark@clark-chen.com) */ From dd19eef3aab67b08ffa086c90b3abae6094c2f0e Mon Sep 17 00:00:00 2001 From: Clark Chen Date: Mon, 25 Jun 2018 15:11:15 +0800 Subject: [PATCH 051/140] Update tw.php --- web/inc/i18n/tw.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 4f493eb5..10b06aef 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -216,6 +216,7 @@ $LANG['tw'] = array( 'Autoreply' => '自動回覆', 'Forward to' => '轉寄到', 'Do not store forwarded mail' => '不保留已轉發的郵件', + 'Email Credentials' => '信箱登入資訊', 'IMAP hostname' => 'IMAP 主機名稱', 'IMAP port' => 'IMAP 連接埠', 'IMAP security' => 'IMAP 安全性', @@ -753,6 +754,4 @@ $LANG['tw'] = array( 'Do not use encryption' => '不要使用加密', 'maximum characters length, including prefix' => '最多 %s 字元(包含前綴)', - - 'Email Credentials' => '信箱登入資訊', ); From 5b4211b3dade48e3f7ab43fbf02320856de1143c Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 27 Jun 2018 12:00:44 +0300 Subject: [PATCH 052/140] updated spec to 0.9.8-22 --- src/deb/ioncube/control | 2 +- src/deb/nginx/control | 2 +- src/deb/php/control | 2 +- src/deb/softaculous/control | 2 +- src/rpm/specs/vesta-ioncube.spec | 2 +- src/rpm/specs/vesta-nginx.spec | 2 +- src/rpm/specs/vesta-php.spec | 2 +- src/rpm/specs/vesta-softaculous.spec | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/deb/ioncube/control b/src/deb/ioncube/control index 607655f5..89268f6e 100644 --- a/src/deb/ioncube/control +++ b/src/deb/ioncube/control @@ -1,7 +1,7 @@ Source: vesta-ioncube Package: vesta-ioncube Priority: optional -Version: 0.9.8-21 +Version: 0.9.8-22 Section: admin Maintainer: Serghey Rodin Homepage: https://www.ioncube.com diff --git a/src/deb/nginx/control b/src/deb/nginx/control index 1f17044e..9dc7351a 100644 --- a/src/deb/nginx/control +++ b/src/deb/nginx/control @@ -1,7 +1,7 @@ Source: vesta-nginx Package: vesta-nginx Priority: optional -Version: 0.9.8-21 +Version: 0.9.8-22 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/php/control b/src/deb/php/control index ad9991e5..3714008d 100644 --- a/src/deb/php/control +++ b/src/deb/php/control @@ -1,7 +1,7 @@ Source: vesta-php Package: vesta-php Priority: optional -Version: 0.9.8-21 +Version: 0.9.8-22 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/softaculous/control b/src/deb/softaculous/control index acadc809..35140df6 100644 --- a/src/deb/softaculous/control +++ b/src/deb/softaculous/control @@ -1,7 +1,7 @@ Source: vesta-softaculous Package: vesta-softaculous Priority: optional -Version: 0.9.8-21 +Version: 0.9.8-22 Section: admin Maintainer: Serghey Rodin Homepage: https://www.softaculous.com diff --git a/src/rpm/specs/vesta-ioncube.spec b/src/rpm/specs/vesta-ioncube.spec index aaa4cf5d..5d48dc29 100644 --- a/src/rpm/specs/vesta-ioncube.spec +++ b/src/rpm/specs/vesta-ioncube.spec @@ -1,6 +1,6 @@ Name: vesta-ioncube Version: 0.9.8 -Release: 21 +Release: 22 Summary: ionCube Loader Group: System Environment/Base License: "Freely redistributable without restriction" diff --git a/src/rpm/specs/vesta-nginx.spec b/src/rpm/specs/vesta-nginx.spec index 9e83f48a..a633ef85 100644 --- a/src/rpm/specs/vesta-nginx.spec +++ b/src/rpm/specs/vesta-nginx.spec @@ -1,6 +1,6 @@ Name: vesta-nginx Version: 0.9.8 -Release: 21 +Release: 22 Summary: Vesta Control Panel Group: System Environment/Base License: BSD-like diff --git a/src/rpm/specs/vesta-php.spec b/src/rpm/specs/vesta-php.spec index 112deee1..12d1c401 100644 --- a/src/rpm/specs/vesta-php.spec +++ b/src/rpm/specs/vesta-php.spec @@ -1,6 +1,6 @@ Name: vesta-php Version: 0.9.8 -Release: 21 +Release: 22 Summary: Vesta Control Panel Group: System Environment/Base License: GPL diff --git a/src/rpm/specs/vesta-softaculous.spec b/src/rpm/specs/vesta-softaculous.spec index 15bb15b3..7e92cfdb 100644 --- a/src/rpm/specs/vesta-softaculous.spec +++ b/src/rpm/specs/vesta-softaculous.spec @@ -1,6 +1,6 @@ Name: vesta-softaculous Version: 0.9.8 -Release: 21 +Release: 22 Summary: Vesta Control Panel Group: System Environment/Base License: Softaculous License From af04e1bdb9f9a709e967f3ba9944b5e1dfa69e3b Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 28 Jun 2018 00:55:13 +0300 Subject: [PATCH 053/140] clean php-fpm.conf --- src/rpm/conf/php-fpm.conf | 479 +------------------------------------- 1 file changed, 6 insertions(+), 473 deletions(-) diff --git a/src/rpm/conf/php-fpm.conf b/src/rpm/conf/php-fpm.conf index 0a76ae2f..d9a04795 100755 --- a/src/rpm/conf/php-fpm.conf +++ b/src/rpm/conf/php-fpm.conf @@ -1,468 +1,21 @@ -;;;;;;;;;;;;;;;;;;;;; -; FPM Configuration ; -;;;;;;;;;;;;;;;;;;;;; - -; All relative paths in this configuration file are relative to PHP's install -; prefix (/usr/local/vesta/php). This prefix can be dynamicaly changed by using the -; '-p' argument from the command line. - -; Include one or more files. If glob(3) exists, it is used to include a bunch of -; files from a glob(3) pattern. This directive can be used everywhere in the -; file. -; Relative path can also be used. They will be prefixed by: -; - the global prefix if it's been set (-p arguement) -; - /usr/local/vesta/php otherwise -;include=etc/fpm.d/*.conf - -;;;;;;;;;;;;;;;;;; -; Global Options ; -;;;;;;;;;;;;;;;;;; - [global] -; Pid file -; Note: the default prefix is /usr/local/vesta/php/var -; Default Value: none pid = /var/run/vesta-php.pid +daemonize = yes -; Error log file -; If it's set to "syslog", log is sent to syslogd instead of being written -; in a local file. -; Note: the default prefix is /usr/local/vesta/php/var -; Default Value: log/php-fpm.log -;error_log = log/php-fpm.log - -; syslog_facility is used to specify what type of program is logging the -; message. This lets syslogd specify that messages from different facilities -; will be handled differently. -; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) -; Default Value: daemon -;syslog.facility = daemon - -; syslog_ident is prepended to every message. If you have multiple FPM -; instances running on the same server, you can change the default value -; which must suit common needs. -; Default Value: php-fpm -syslog.ident = vesta-php - -; Log level -; Possible Values: alert, error, warning, notice, debug -; Default Value: notice -log_level = error - -; If this number of child processes exit with SIGSEGV or SIGBUS within the time -; interval set by emergency_restart_interval then FPM will restart. A value -; of '0' means 'Off'. -; Default Value: 0 -emergency_restart_threshold = 10 - -; Interval of time used by emergency_restart_interval to determine when -; a graceful restart will be initiated. This can be useful to work around -; accidental corruptions in an accelerator's shared memory. -; Available Units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -emergency_restart_interval = 1m - -; Time limit for child processes to wait for a reaction on signals from master. -; Available units: s(econds), m(inutes), h(ours), or d(ays) -; Default Unit: seconds -; Default Value: 0 -process_control_timeout = 10s - -; The maximum number of processes FPM will fork. This has been design to control -; the global number of processes when using dynamic PM within a lot of pools. -; Use it with caution. -; Note: A value of 0 indicates no limit -; Default Value: 0 -; process.max = 128 - -; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. -; Default Value: yes -;daemonize = yes - -; Set open file descriptor rlimit for the master process. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit for the master process. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Specify the event mechanism FPM will use. The following is available: -; - select (any POSIX os) -; - poll (any POSIX os) -; - epoll (linux >= 2.5.44) -; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) -; - /dev/poll (Solaris >= 7) -; - port (Solaris >= 10) -; Default Value: not set (auto detection) -events.mechanism = epoll - -;;;;;;;;;;;;;;;;;;;; -; Pool Definitions ; -;;;;;;;;;;;;;;;;;;;; - -; Multiple pools of child processes may be started with different listening -; ports and different management options. The name of the pool will be -; used in logs and stats. There is no limitation on the number of pools which -; FPM can handle. Your system will tell you anyway :) - -; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the -; pool name ('www' here) [www] - -; Per pool prefix -; It only applies on the following directives: -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local/vesta/php) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. user = admin group = admin - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -;listen = 127.0.0.1:9000 listen = /var/run/vesta-php.sock - -; Set listen(2) backlog. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 listen.owner = admin listen.group = admin listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = ondemand +pm = dynamic +pm.max_children = 5 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 3 -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 2 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -;pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -;pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -;pm.max_spare_servers = 3 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -pm.max_requests = 1000 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. -; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: ouput header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp @@ -470,26 +23,6 @@ env[TMPDIR] = /tmp env[TEMP] = /tmp env[VESTA] = $VESTA env[LANG] = en_US.UTF-8 - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local/vesta/php) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument php_flag[display_errors] = off php_admin_value[error_log] = /usr/local/vesta/log/fpm-php.log php_admin_flag[log_errors] = on From 3933ca4cb4c0fe1181dabb045de7f35428d9392c Mon Sep 17 00:00:00 2001 From: Alexandros Ioannides Date: Fri, 29 Jun 2018 00:05:23 +0300 Subject: [PATCH 054/140] Typo fix --- install/vst-install-ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index fdb95db3..ef4b7079 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1098,7 +1098,7 @@ if [ "$clamd" = 'yes' ]; then /usr/bin/freshclam update-rc.d clamav-daemon defaults service clamav-daemon start - check_result $? "clamav-daeom start failed" + check_result $? "clamav-daemon start failed" fi From 289ff88e4d498bfafa58cf1d6ed298be0114f249 Mon Sep 17 00:00:00 2001 From: pan93412 Date: Thu, 5 Jul 2018 18:28:23 +0800 Subject: [PATCH 055/140] Update Chinese (Taiwan) Translation. --- web/inc/i18n/tw.php | 317 ++++++++++++++++++++++---------------------- 1 file changed, 160 insertions(+), 157 deletions(-) diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index 10b06aef..d35cba4a 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -4,10 +4,13 @@ * This language file is translate by * Clark's Hosting Service (https://host.clark-chen.com) * Clark Chen (clark@clark-chen.com) + * + * Translation recheck by: + * pan93412 */ $LANG['tw'] = array( 'Packages' => '方案設定', - 'IP' => 'IP管理', + 'IP' => 'IP 管理', 'Graphs' => '資源使用圖表', 'Statistics' => '統計資料', 'Log' => '系統紀錄', @@ -29,7 +32,7 @@ $LANG['tw'] = array( 'LOGIN' => '登入', 'RESET PASSWORD' => '重設密碼', 'SEARCH' => '搜尋', - 'PACKAGE' => '套件', + 'PACKAGE' => '方案', 'RRD' => 'RRD', 'STATS' => '狀態', 'LOG' => '日誌', @@ -41,7 +44,7 @@ $LANG['tw'] = array( 'NETWORK' => '網路', 'Web Log Manager' => 'Web 日誌管理員', - 'no notifications' => 'no notifications', + 'no notifications' => '沒有通知', 'Add User' => '新增使用者', 'Add Domain' => '新增網域', @@ -54,7 +57,7 @@ $LANG['tw'] = array( 'Add Cron Job' => '新增任務排程', 'Create Backup' => '建立備份', 'Configure' => '設定', - 'Restore All' => '全部回復', + 'Restore All' => '全部還原', 'Add Package' => '新增方案', 'Add IP' => '新增 IP', 'Add Rule' => '新增規則', @@ -62,9 +65,9 @@ $LANG['tw'] = array( 'Search' => '搜尋', 'Add one more FTP Account' => '新增 FTP 帳號', 'Overall Statistics' => '整理統計資料', - 'Daily' => '天', - 'Weekly' => '周', - 'Monthly' => '月', + 'Daily' => '每天', + 'Weekly' => '每週', + 'Monthly' => '每月', 'Yearly' => '每年', 'Add' => '新增', 'Back' => '返回', @@ -79,16 +82,16 @@ $LANG['tw'] = array( 'rebuild mail' => '重建信箱', 'rebuild db' => '重建資料庫', 'rebuild cron' => '重建任務排程', - 'update counters' => '更新計數器', - 'suspend' => '封鎖', - 'unsuspend' => '解除封鎖', + 'update counters' => '更新計數器', + 'suspend' => '暫停', + 'unsuspend' => '解除暫停', 'delete' => '刪除', - 'show per user' => '依照選擇的使用者', + 'show per user' => '依選擇的使用者', 'login as' => '登入帳號', 'logout' => '登出', 'edit' => '編輯', 'open webstats' => '開啟網站統計資料', - 'view logs' => '查看系統紀錄', + 'view logs' => '檢視系統紀錄', 'list records' => '列出 %s 紀錄', 'add record' => '新增紀錄', 'list accounts' => '列出 %s 帳號', @@ -97,29 +100,29 @@ $LANG['tw'] = array( 'list fail2ban' => '列出登入失敗遭封鎖名單', 'open %s' => '開啟 %s', 'download' => '下載', - 'restore' => '回復', - 'configure restore settings' => '配置回復設定', + 'restore' => '還原', + 'configure restore settings' => '配置還原設定', 'stop' => '停止', 'start' => '啟動', 'restart' => '重新啟動', 'update' => '更新', 'generate' => '產生', 'Generate CSR' => '產生憑證簽署請求 (CSR)', - 'reread IP' => '重新取得IP', + 'reread IP' => '重新取得 IP', 'enable autoupdate' => '啟用自動更新', 'disable autoupdate' => '停用自動更新', 'turn on notifications' => '啟用通知', 'turn off notifications' => '停用通知', - 'configure' => 'configure', + 'configure' => '配置', 'Adding User' => '新增使用者', 'Editing User' => '編輯使用者', 'Adding Domain' => '新增網域', 'Editing Domain' => '編輯網域', - 'Adding DNS Domain' => '新增DNS網域', - 'Editing DNS Domain' => '編輯DNS網域', - 'Adding DNS Record' => '新增DNS紀錄', - 'Editing DNS Record' => '編輯DNS紀錄', + 'Adding DNS Domain' => '新增 DNS 網域', + 'Editing DNS Domain' => '編輯 DNS 網域', + 'Adding DNS Record' => '新增 DNS 紀錄', + 'Editing DNS Record' => '編輯 DNS 紀錄', 'Adding Mail Domain' => '新增信箱網域', 'Editing Mail Domain' => '編輯信箱網域', 'Adding Mail Account' => '新增信箱帳號', @@ -130,10 +133,10 @@ $LANG['tw'] = array( 'Editing Database' => '編輯資料庫', 'Adding Package' => '新增方案', 'Editing Package' => '編輯方案', - 'Adding IP address' => '新增IP', - 'Editing IP Address' => '編輯IP', + 'Adding IP address' => '新增 IP', + 'Editing IP Address' => '編輯 IP', 'Editing Backup Exclusions' => '編輯備份排除項目', - 'Generating CSR' => '產生憑證簽署請求(CSR)中...', + 'Generating CSR' => '產生憑證簽署請求 (CSR) 中...', 'Listing' => '列出', 'Search Results' => '搜尋結果', 'Adding Firewall Rule' => '新增防火牆規則', @@ -141,11 +144,11 @@ $LANG['tw'] = array( 'Adding IP Address to Banlist' => '新增IP至黑名單', 'active' => '正常', - 'spnd' => '封鎖', - 'suspended' => '已封鎖', + 'spnd' => '暫停', + 'suspended' => '已暫停', 'running' => '執行中', 'stopped' => '已停止', - 'outdated' => '有新版本可升級', + 'outdated' => '有可升級的新版本', 'updated' => '已是最新版本', 'yes' => '是', @@ -157,8 +160,8 @@ $LANG['tw'] = array( 'mb' => 'MB', 'minute' => '分鐘', 'hour' => '小時', - 'day' => '天', - 'days' => '天', + 'day' => '日', + 'days' => '日', 'hours' => '小時', 'minutes' => '分鐘', 'month' => '月', @@ -169,15 +172,15 @@ $LANG['tw'] = array( 'Mail' => '信箱', 'Databases' => '資料庫', 'User Directories' => '使用者目錄', - 'Template' => '模板', - 'Web Template' => 'Apache 模板', - 'Backend Template' => 'Backend 模板', - 'Proxy Template' => 'Proxy 模板', - 'DNS Template' => 'DNS 模板', + 'Template' => '範本', + 'Web Template' => 'Apache 範本', + 'Backend Template' => 'Backend 範本', + 'Proxy Template' => 'Proxy 範本', + 'DNS Template' => 'DNS 範本', 'Web Domains' => '網站網域', 'SSL Domains' => 'SSL 網域', 'Web Aliases' => '網站子網域', - 'per domain' => '(每網域)', + 'per domain' => '(每個網域)', 'DNS Domains' => 'DNS 網域', 'DNS domains' => 'DNS 網域', 'DNS records' => 'DNS 紀錄', @@ -191,7 +194,7 @@ $LANG['tw'] = array( 'Backups' => '備份', 'Backup System' => '備份系統', 'backup exclusions' => '備份例外', - 'template' => '模板', + 'template' => '範本', 'SSL Support' => 'SSL 支援', 'SSL Home Directory' => 'SSL 主目錄', 'Lets Encrypt Support' => 'Lets Encrypt 支援', @@ -206,11 +209,11 @@ $LANG['tw'] = array( 'TTL' => 'TTL', 'Expire' => '過期', 'Records' => '紀錄', - 'Serial' => 'Serial', + 'Serial' => '序列 (Serial)', 'Catchall email' => '收到所有郵件', 'AntiVirus Support' => '防毒支援', 'AntiSpam Support' => '防垃圾郵件支援', - 'DKIM Support' => 'DKIM支援', + 'DKIM Support' => 'DKIM 支援', 'Accounts' => '帳號', 'Quota' => '配額', 'Autoreply' => '自動回覆', @@ -226,7 +229,7 @@ $LANG['tw'] = array( 'SMTP security' => 'SMTP 安全性', 'SMTP auth method' => 'SMTP 驗證方式', 'STARTTLS' => 'STARTTLS', - 'Normal password' => 'Normal password', + 'Normal password' => '普通密碼', 'database' => '資料庫', 'User' => '使用者', 'Host' => '主機', @@ -248,16 +251,16 @@ $LANG['tw'] = array( 'Users' => '使用者', 'Load Average' => '平均負載量', 'Memory Usage' => '記憶體使用量', - 'APACHE2 Usage' => 'APACHE2 使用情形', - 'HTTPD Usage' => 'HTTPD 使用情形', - 'NGINX Usage' => 'NGINX 使用情形', - 'MySQL Usage on localhost' => '本機 MySQL 使用情形', - 'PostgreSQL Usage on localhost' => '本機 PostgreSQL 使用情形', - 'Bandwidth Usage eth0' => 'eth0 頻寬使用情形', - 'Bandwidth Usage eth1' => 'eth1 頻寬使用情形', - 'Exim Usage' => 'Exim 使用情形', - 'FTP Usage' => 'FTP 使用情形', - 'SSH Usage' => 'SSH 使用情形', + 'APACHE2 Usage' => 'APACHE2 使用量', + 'HTTPD Usage' => 'HTTPD 使用量', + 'NGINX Usage' => 'NGINX 使用量', + 'MySQL Usage on localhost' => '本機 MySQL 使用量', + 'PostgreSQL Usage on localhost' => '本機 PostgreSQL 使用量', + 'Bandwidth Usage eth0' => 'eth0 頻寬使用量', + 'Bandwidth Usage eth1' => 'eth1 頻寬使用量', + 'Exim Usage' => 'Exim 使用量', + 'FTP Usage' => 'FTP 使用量', + 'SSH Usage' => 'SSH 使用量', 'reverse proxy' => '反向代理伺服器', 'web server' => '網站伺服器', 'dns server' => 'DNS 伺服器', @@ -274,12 +277,12 @@ $LANG['tw'] = array( 'Memory' => '記憶體', 'Uptime' => '已啟動時間', 'core package' => '核心系統', - 'php interpreter' => 'PHP解析', + 'php interpreter' => 'PHP 解析', 'internal web server' => '管理系統伺服器', 'Version' => '版本', 'Release' => '發佈號碼', 'Architecture' => '架構', - 'Object' => 'Object', + 'Object' => '物件', 'Username' => '使用者名稱', 'Password' => '密碼', 'Email' => '電子信箱', @@ -288,7 +291,7 @@ $LANG['tw'] = array( 'First Name' => '名字', 'Last Name' => '姓氏', 'Send login credentials to email address' => '傳送登入資訊至使用者的信箱', - 'Default Template' => '預設模板', + 'Default Template' => '預設範本', 'Default Name Servers' => '預設域名伺服器', 'Domain' => '網域', 'DNS Support' => 'DNS 支援', @@ -314,7 +317,7 @@ $LANG['tw'] = array( 'IP or Value' => 'IP 或值', 'Priority' => '優先順序', 'Record Number' => '記錄編號', - 'in megabytes' => '以MB為單位', + 'in megabytes' => '以 MB 為單位', 'Message' => '訊息', 'use local-part' => '使用本地部分', 'one or more email addresses' => '一個或更多電子郵件信箱', @@ -354,8 +357,8 @@ $LANG['tw'] = array( 'charset' => '編碼', 'domain' => '網域', 'ip' => 'IP', - 'ip address' => 'IP位置', - 'IP address' => 'IP位置', + 'ip address' => 'IP 位置', + 'IP address' => 'IP 位置', 'netmask' => '子網路遮罩', 'interface' => '介面卡', 'assigned user' => '指定使用者', @@ -367,19 +370,19 @@ $LANG['tw'] = array( 'last name' => '姓氏', 'account' => '帳號', 'ssl certificate' => 'SSL 憑證', - 'ssl key' => 'SSL密鑰', + 'ssl key' => 'SSL 密鑰', 'stats user password' => '統計使用者帳號密碼', 'stats username' => '統計使用者名稱', 'stats password' => '統計密碼', - 'ftp user password' => 'FTP使用者帳號密碼', - 'ftp user' => 'FTP使用者', - 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最後70行', + 'ftp user password' => 'FTP 使用者帳號密碼', + 'ftp user' => 'FTP 使用者', + 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最後 70 行', 'AccessLog' => '存取記錄', 'ErrorLog' => '錯誤紀錄', 'Download AccessLog' => '下載存取記錄', 'Download ErrorLog' => '下載錯誤記錄', 'Country' => '國家', - '2 letter code' => '國家簡碼(台灣是TW/香港是HK)', + '2 letter code' => '國家簡碼(台灣 TW、香港 HK)', 'State / Province' => '州 / 省', 'City / Locality' => '市 / 地區', 'Organization' => '組織名稱', @@ -388,8 +391,8 @@ $LANG['tw'] = array( 'Port' => '連線埠', 'Comment' => '備註', 'Banlist' => '封鎖清單', - 'ranges are acceptable' => 'ranges are acceptable', - 'CIDR format is supported' => 'CIDR format is supported', + 'ranges are acceptable' => '可接受陣列', + 'CIDR format is supported' => '支援 CIDR 格式', 'ACCEPT' => 'ACCEPT', 'DROP' => 'DROP', 'TCP' => 'TCP', @@ -423,71 +426,71 @@ $LANG['tw'] = array( '%s databases' => '%s 個資料庫', '1 cron job' => '1 個任務排程', '%s cron jobs' => '%s 個任務排程', - '1 archive' => '1 壓縮', - '%s archives' => '%s 壓縮', + '1 archive' => '1 個壓縮', + '%s archives' => '%s 個壓縮', '1 item' => '1 個項目', '%s items' => '%s 個項目', '1 package' => '1 種方案', - '%s packages' => '%s 整方案', + '%s packages' => '%s 種方案', '1 IP address' => '1 個 IP 位置', '%s IP addresses' => '%s 個 IP 位置', - '1 month' => '1 月', - '%s months' => '%s 月', - '1 log record' => '1 系統記錄', - '%s log records' => '%s 系統記錄', + '1 month' => '1 個月', + '%s months' => '%s 個月', + '1 log record' => '1 筆系統記錄', + '%s log records' => '%s 筆系統記錄', '1 object' => '1 個物件', '%s objects' => '%s 個物件', 'no exclusions' => '取消排除', '1 rule' => '1 條規則', '%s rules' => '%s 條規則', - 'There are no currently banned IP' => '目前沒有任何已封鎖的IP', + 'There are no currently banned IP' => '目前沒有任何已封鎖的 IP', - 'USER_CREATED_OK' => '使用者 %s has been 已加入成功!', - 'WEB_DOMAIN_CREATED_OK' => '網域 %s 已加入成功!', - 'DNS_DOMAIN_CREATED_OK' => 'DNS網域 %s 已加入成功!', - 'DNS_RECORD_CREATED_OK' => '記錄 %s.%s 已加入成功!', - 'MAIL_DOMAIN_CREATED_OK' => '信箱網域 %s 已加入成功!', - 'MAIL_ACCOUNT_CREATED_OK' => '信箱帳號 %s@%s 已加入成功!', - 'DATABASE_CREATED_OK' => '資料庫 %s 已加入成功!', - 'CRON_CREATED_OK' => '任務排程已加入成功!', - 'IP_CREATED_OK' => 'IP位置 %s 已加入成功!', - 'PACKAGE_CREATED_OK' => '方案 %s 已加入成功!', - 'SSL_GENERATED_OK' => '已成功產生 SSL 憑證!', - 'RULE_CREATED_OK' => '已成功加入規則!', + 'USER_CREATED_OK' => '使用者 %s has been 已加入成功！', + 'WEB_DOMAIN_CREATED_OK' => '網域 %s 已加入成功！', + 'DNS_DOMAIN_CREATED_OK' => 'DNS 網域 %s 已加入成功！', + 'DNS_RECORD_CREATED_OK' => '記錄 %s.%s 已加入成功！', + 'MAIL_DOMAIN_CREATED_OK' => '信箱網域 %s 已加入成功！', + 'MAIL_ACCOUNT_CREATED_OK' => '信箱帳號 %s@%s 已加入成功！', + 'DATABASE_CREATED_OK' => '資料庫 %s 已加入成功！', + 'CRON_CREATED_OK' => '任務排程已加入成功！', + 'IP_CREATED_OK' => 'IP 位置 %s 已加入成功！', + 'PACKAGE_CREATED_OK' => '方案 %s 已加入成功！', + 'SSL_GENERATED_OK' => '已成功產生 SSL 憑證！', + 'RULE_CREATED_OK' => '已成功加入規則！', 'BANLIST_CREATED_OK' => 'IP 位置已經成功封鎖', - 'Autoupdate has been successfully enabled' => '自動更新已成功啟動', - 'Autoupdate has been successfully disabled' => '自動更新已成功關閉', - 'Cronjob email reporting has been successfully enabled' => '任務排程電子郵件回報已成功啟動', - 'Cronjob email reporting has been successfully disabled' => '任務排程電子郵件回報已成功關閉', - 'Changes has been saved.' => '已儲存更改', + 'Autoupdate has been successfully enabled' => '「自動更新」已成功啟動', + 'Autoupdate has been successfully disabled' => '「自動更新」已成功關閉', + 'Cronjob email reporting has been successfully enabled' => '「任務排程電子郵件回報」已成功啟動', + 'Cronjob email reporting has been successfully disabled' => '「任務排程電子郵件回報」已成功關閉', + 'Changes has been saved.' => '已儲存變更', 'Confirmation' => '確認', - 'DELETE_USER_CONFIRMATION' => '確定要刪除使用者 %s 嗎?', - 'SUSPEND_USER_CONFIRMATION' => '確定要封鎖使用者 %s 嗎?', - 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除封鎖使用者 %s 嗎?', - 'DELETE_DOMAIN_CONFIRMATION' => '確定要刪除網域 %s 嗎?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要封鎖網域 %s 嗎?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除封鎖網域 %s 嗎?', - 'DELETE_RECORD_CONFIRMATION' => '確定要刪除記錄 %s 嗎?', - 'SUSPEND_RECORD_CONFIRMATION' => '確定要封鎖記錄 %s 嗎?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除封鎖紀錄 %s 嗎?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '確定要刪除 %s 嗎?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要封鎖 %s 嗎?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除封鎖 %s 嗎?', - 'DELETE_DATABASE_CONFIRMATION' => '確定要刪除資料庫 %s 嗎?', - 'SUSPEND_DATABASE_CONFIRMATION' => '確定要封鎖資料庫 %s 嗎?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除封鎖資料庫 %s 嗎?', - 'DELETE_CRON_CONFIRMATION' => '確定要刪除任務排程嗎?', - 'SUSPEND_CRON_CONFIRMATION' => '確定要封鎖任務排程嗎?', - 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除封鎖任務排程嗎?', - 'DELETE_BACKUP_CONFIRMATION' => '確定要刪除 %s 備份嗎?', - 'DELETE_EXCLUSION_CONFIRMATION' => '確定要刪除 %s 例外嗎?', - 'DELETE_PACKAGE_CONFIRMATION' => '確定要方案 %s 嗎?', - 'DELETE_IP_CONFIRMATION' => '確定要刪除IP地址 %s 嗎?', - 'DELETE_RULE_CONFIRMATION' => '確定要刪除規則 #%s 嗎?', - 'SUSPEND_RULE_CONFIRMATION' => '確定要封鎖規則 #%s 嗎?', - 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除封鎖規則 #%s 嗎?', - 'LEAVE_PAGE_CONFIRMATION' => '離開?', - 'RESTART_CONFIRMATION' => '確定要重新啟動 %s 嗎?', + 'DELETE_USER_CONFIRMATION' => '確定要刪除使用者 %s 嗎？', + 'SUSPEND_USER_CONFIRMATION' => '確定要暫停使用者 %s 嗎？', + 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除暫停使用者 %s 嗎？', + 'DELETE_DOMAIN_CONFIRMATION' => '確定要刪除網域 %s 嗎？', + 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要暫停網域 %s 嗎？', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除暫停網域 %s 嗎？', + 'DELETE_RECORD_CONFIRMATION' => '確定要刪除記錄 %s 嗎？', + 'SUSPEND_RECORD_CONFIRMATION' => '確定要暫停記錄 %s 嗎？', + 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除暫停紀錄 %s 嗎？', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '確定要刪除 %s 嗎？', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要暫停 %s 嗎？', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除暫停 %s 嗎？', + 'DELETE_DATABASE_CONFIRMATION' => '確定要刪除資料庫 %s 嗎？', + 'SUSPEND_DATABASE_CONFIRMATION' => '確定要暫停資料庫 %s 嗎？', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除暫停資料庫 %s 嗎？', + 'DELETE_CRON_CONFIRMATION' => '確定要刪除任務排程嗎？', + 'SUSPEND_CRON_CONFIRMATION' => '確定要暫停任務排程嗎？', + 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除暫停任務排程嗎？', + 'DELETE_BACKUP_CONFIRMATION' => '確定要刪除 %s 備份嗎？', + 'DELETE_EXCLUSION_CONFIRMATION' => '確定要刪除 %s 例外嗎？', + 'DELETE_PACKAGE_CONFIRMATION' => '確定要刪除方案 %s 嗎？', + 'DELETE_IP_CONFIRMATION' => '確定要刪除 IP 地址 %s 嗎？', + 'DELETE_RULE_CONFIRMATION' => '確定要刪除規則 #%s 嗎？', + 'SUSPEND_RULE_CONFIRMATION' => '確定要暫停規則 #%s 嗎？', + 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除暫停規則 #%s 嗎？', + 'LEAVE_PAGE_CONFIRMATION' => '確定離開嗎？', + 'RESTART_CONFIRMATION' => '確定要重新啟動 %s 嗎？', 'Welcome' => '歡迎', 'LOGGED_IN_AS' => '以使用者身份 %s 登入', 'Error' => '錯誤', @@ -495,20 +498,20 @@ $LANG['tw'] = array( 'Invalid username or code' => '無效的使用者名稱或驗證碼.', 'Passwords not match' => '密碼錯誤', 'Please enter valid email address.' => '請輸入正確的信箱', - 'Field "%s" can not be blank.' => '"%s" 不能為空白', - 'Password is too short.' => '密碼太短', - 'Error code:' => '錯誤代碼: %s', + 'Field "%s" can not be blank.' => '"%s" 欄位不能空白', + 'Password is too short.' => '密碼太短。', + 'Error code:' => '錯誤代碼：%s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失敗', 'IP address is in use' => 'IP 位置正在使用中', 'BACKUP_SCHEDULED' => '您的要求已加入隊列中，備份完成後會再以電子郵件通知您', - 'BACKUP_EXISTS' => '已經有一個備份正在執行中，請等待備份完成後再操作', - 'RESTORE_SCHEDULED' => '您的要求已加入隊列中，回復完成後會再以電子郵件通知您', - 'RESTORE_EXISTS' => '已經有一個回復正在執行中，請等待備份完成後再操作', + 'BACKUP_EXISTS' => '已經有一個備份正在執行中，請等待備份完成後再動作', + 'RESTORE_SCHEDULED' => '您的要求已加入隊列中，還原完成後會再以電子郵件通知您', + 'RESTORE_EXISTS' => '已經有一個還原正在執行中，請等待備份完成後再動作', - 'WEB_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用*。排除特定的資料夾請依照這個格式: Example.com:public_html/cache:public_html/tmp', - 'DNS_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用*', - 'MAIL_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用*。要排除特定使用者請依照這個格式: Example.com:info:support:postmaster', - 'DB_EXCLUSIONS' => '輸入完整資料庫名城，每行一個資料庫。如要排除備份所有資料庫請使用*', + 'WEB_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用「*」。排除特定的資料夾請依照這個格式：Example.com:public_html/cache:public_html/tmp', + 'DNS_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用「*」', + 'MAIL_EXCLUSIONS' => '輸入網域名稱，每行一個網域。如要排除備份所有網域請使用「*」。要排除特定使用者請依照這個格式：Example.com:info:support:postmaster', + 'DB_EXCLUSIONS' => '輸入完整資料庫名城，每行一個資料庫。如要排除備份所有資料庫請使用「*」', 'CRON_EXCLUSIONS' => '要排除備份所有任務排程請使用*', 'USER_EXCLUSIONS' => '輸入要排除備份的資料夾名稱，每行一個資料夾。如要排除備份所有資料夾請使用*', @@ -516,13 +519,13 @@ $LANG['tw'] = array( 'MAIL_FROM' => 'Vesta 管理系統 ', 'GREETINGS_GORDON_FREEMAN' => "您好, %s %s,\n", 'GREETINGS' => "您好,\n", - 'ACCOUNT_READY' => "您的帳號已成功建立，並可以開始使用了!\n\nhttps://%s/login/\n使用者名稱: %s\n密碼: %s\n\n--\nVesta Control Panel\n", + 'ACCOUNT_READY' => "您的帳號已成功建立，並可以開始使用了！\n\nhttps://%s/login/\n使用者名稱：%s\n密碼：%s\n\n--\nVesta Control Panel\n", 'FTP login credentials' => 'FTP 登入資料', - 'FTP_ACCOUNT_READY' => "FTP帳號已成功建立，並可以開始使用了!\n\n主機名稱: %s\n使用者名稱: %s_%s\n密碼: %s\n\n--\nVesta Control Panel\n", + 'FTP_ACCOUNT_READY' => "FTP 帳號已成功建立，並可以開始使用了！\n\n主機名稱：%s\n使用者名稱：%s_%s\n密碼：%s\n\n--\nVesta Control Panel\n", 'Database Credentials' => '資料庫登入資料', - 'DATABASE_READY' => "資料庫已加入成功!\n\n資料庫名稱: %s\n使用者名稱: %s\n密碼: %s\n%s\n\n--\nVesta Control Panel\n", + 'DATABASE_READY' => "資料庫已加入成功！\n\n資料庫名稱：%s\n使用者名稱：%s\n密碼：%s\n%s\n\n--\nVesta Control Panel\n", 'forgot password' => '忘記密碼', 'Confirm' => '確認', @@ -531,22 +534,22 @@ $LANG['tw'] = array( 'Reset' => '重設', 'Reset Code' => '重設代碼', 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => '密買重設代碼已發送到您的信箱
', - 'MAIL_RESET_SUBJECT' => '密碼重置在 %s', - 'PASSWORD_RESET_REQUEST' => "重置密碼請點擊連結:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 輸入密碼重設代碼:\n%s\n\n如果您沒有要求重設密碼，請忽略此郵件\n\n—\nVesta Control Panel\n", + 'RESET_CODE_SENT' => '密碼重設代碼已傳送到您的信箱
', + 'MAIL_RESET_SUBJECT' => '密碼重設在 %s', + 'PASSWORD_RESET_REQUEST' => "重設密碼請點擊連結：\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 輸入密碼重設代碼：\n%s\n\n如果您沒有要求重設密碼，請忽略此郵件\n\n—\nVesta Control Panel\n", - 'Jan' => '1月', - 'Feb' => '2月', - 'Mar' => '3月', - 'Apr' => '4月', - 'May' => '5月', - 'Jun' => '6月', - 'Jul' => '7月', - 'Aug' => '8月', - 'Sep' => '9月', - 'Oct' => '10月', - 'Nov' => '11月', - 'Dec' => '12月', + 'Jan' => '一月', + 'Feb' => '二月', + 'Mar' => '三月', + 'Apr' => '四月', + 'May' => '五月', + 'Jun' => '六月', + 'Jul' => '七月', + 'Aug' => '八月', + 'Sep' => '九月', + 'Oct' => '十月', + 'Nov' => '十一月', + 'Dec' => '十二月', 'Configuring Server' => '設定主機', 'Hostname' => '主機名稱', @@ -555,7 +558,7 @@ $LANG['tw'] = array( 'Proxy Server' => 'Proxy 伺服器', 'Web Server' => 'Web 伺服器', 'Backend Server' => 'Backend 伺服器', - 'Backend Pool Mode' => 'Backend Pool Mode', + 'Backend Pool Mode' => 'Backend 池模式', 'DNS Server' => 'DNS 伺服器', 'DNS Cluster' => 'DNS 叢集', 'MAIL Server' => 'MAIL 伺服器', @@ -583,9 +586,9 @@ $LANG['tw'] = array( 'Template Manager' => '模組管理員', 'Backup Migration Manager' => '備份轉移管理員', 'FileManager' => '檔案管理員', - 'show: CPU / MEM / NET / DISK' => '顯示: 處理器 / 記憶體 / 網路 / 硬碟', + 'show: CPU / MEM / NET / DISK' => '顯示：處理器 / 記憶體 / 網路 / 硬碟', - 'sort by' => '排序按照', + 'sort by' => '排序依', 'Date' => '日期', 'Starred' => '加註星號', 'Name' => '名稱', @@ -608,8 +611,8 @@ $LANG['tw'] = array( 'ARCHIVE' => '壓縮', 'EXTRACT' => '解壓縮', 'DOWNLOAD' => '下載', - 'Are you sure?' => '確定嗎?', - 'Hit' => 'Hit', + 'Are you sure?' => '確定嗎？', + 'Hit' => '點擊', 'to reload the page' => '重新整理頁面', 'Directory name cannot be empty' => '資料夾名稱不能為空白', 'File name cannot be empty' => '檔案名稱不能為空白', @@ -661,18 +664,18 @@ $LANG['tw'] = array( 'Cancel saving form' => '不要儲存設定', 'Go to USER list' => '回到使用者列表', 'Go to WEB list' => '回到網站列表', - 'Go to DNS list' => '回到DNS列表', + 'Go to DNS list' => '回到 DNS 列表', 'Go to MAIL list' => '回到郵件列表', 'Go to DB list' => '回到資料庫列表', 'Go to CRON list' => '回到任務排程列表', 'Go to BACKUP list' => '回到備份列表', 'Focus on search' => '搜尋', 'Display/Close shortcuts' => '顯示/關閉快捷鍵列表', - 'Move backward through top menu' => '在頂置選單中向左移動', - 'Move forward through top menu' => '在頂置選單中向右移動', + 'Move backward through top menu' => '在頂部選單中向左移動', + 'Move forward through top menu' => '在頂部選單中向右移動', 'Enter focused element' => '進入選擇的選項', - 'Move up through elements list' => '往上查看列表', - 'Move down through elements list' => '往下查看列表', + 'Move up through elements list' => '往上檢視列表', + 'Move down through elements list' => '往下檢視列表', 'Upload' => '上傳', 'New File' => '新增檔案', @@ -705,13 +708,13 @@ $LANG['tw'] = array( 'Disable and Cancel Licence' => '刪除並且取消授權', 'Licence Activated' => '授權已啟用', 'Licence Deactivated' => '授權已停用', - 'Restrict users so that they cannot use SSH and access only their home directory.' => '禁止使用者使用SSH，並且只能存取他們自己的資料夾', - 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '瀏覽、複製、編輯、存取你所有的網站資料使用全能的檔案管理員', + 'Restrict users so that they cannot use SSH and access only their home directory.' => '禁止使用者使用 SSH，並且只能存取他們自己的資料夾', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '使用全能的檔案管理員瀏覽、複製、編輯、存取你所有的網站資料', 'This is a commercial module, you would need to purchace license key to enable it.' => '這是一個付費模組，您需要購買授權金鑰才能啟用它。', - 'Minutes' => '分', + 'Minutes' => '分鐘', 'Hourly' => '小時', - 'Run Command' => '執行命令', + 'Run Command' => '執行指令', 'every month' => '每月', 'every odd month' => '奇數月', 'every even month' => '偶數月', @@ -737,7 +740,7 @@ $LANG['tw'] = array( 'webalizer' => 'webalizer', 'awstats' => 'awstats', - 'Vesta SSL' => 'Vesta後台 SSL', + 'Vesta SSL' => 'Vesta 後台 SSL', 'SUBJECT' => '主體名稱', 'ALIASES' => '主體別名', 'NOT_BEFORE' => '有效期自', @@ -753,5 +756,5 @@ $LANG['tw'] = array( 'No encryption' => '不加密', 'Do not use encryption' => '不要使用加密', - 'maximum characters length, including prefix' => '最多 %s 字元(包含前綴)', + 'maximum characters length, including prefix' => '最多 %s 字元 (包含前綴)', ); From f80e6c8df88a12099266a6dfc72f93573a3b7d87 Mon Sep 17 00:00:00 2001 From: Hoto Cocoa Date: Tue, 10 Jul 2018 00:09:08 +0900 Subject: [PATCH 056/140] Improve korean i18n --- web/inc/i18n/ko.php | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index 5c98950f..3a21ad4a 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -59,7 +59,7 @@ $LANG['ko'] = array( 'Add Rule' => '규칙 추가', 'Ban IP Address' => 'IP 주소 차단', 'Search' => '검색', - 'Add one more FTP Account' => 'FTP 계정을 하나 추가하기', + 'Add one more FTP Account' => 'FTP 계정을 추가하기', 'Overall Statistics' => '전체 통계', 'Daily' => '매일', 'Weekly' => '매주', @@ -70,7 +70,7 @@ $LANG['ko'] = array( 'Save' => '저장', 'Submit' => '등록', - 'toggle all' => '모두 활성화', + 'toggle all' => '모두 선택', 'apply to selected' => '선택된 것에 적용', 'rebuild' => '리빌드', 'rebuild web' => '웹 리빌드', @@ -522,7 +522,7 @@ $LANG['ko'] = array( 'Database Credentials' => '데이터베이스 정보', 'DATABASE_READY' => "데이터베이스가 성공적으로 생성되었습니다.\n\데이터베이스: %s\n사용자: %s\n비밀번호: %s\n\n--\nVesta 제어판\n", - 'forgot password' => '비밀번호 잊기', + 'forgot password' => '비밀번호 잊음', 'Confirm' => '확인', 'New Password' => '새 비밀번호', 'Confirm Password' => '비밀번호 확인', @@ -531,7 +531,7 @@ $LANG['ko'] = array( 'RESET_NOTICE' => '', 'RESET_CODE_SENT' => '비밀번호 초기화 코드가 이메일 주소로 전송되었습니다
', 'MAIL_RESET_SUBJECT' => '%s에서의 비밀번호 초기화', - 'PASSWORD_RESET_REQUEST' => "제어판 비밀번호를 초기화 하기 위해서, 다음의 링크로 접속해주세요:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n또는, 다음의 주소로 가주시고 https://%s/reset/?action=code&user=%s 다음의 초기화 코드를 입력해주세요:\n%s\n\n만약 비밀번호 초기화를 요청하지 않으셨다면, 이 메시지를 무시해주세요.\n\n--\nVesta 제어판\n", + 'PASSWORD_RESET_REQUEST' => "제어판 비밀번호를 초기화 하기 위해서, 다음의 링크로 접속해주세요:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n또는, 다음의 주소로 간 뒤 https://%s/reset/?action=code&user=%s 다음의 초기화 코드를 입력해주세요:\n%s\n\n만약 비밀번호 초기화를 요청하지 않으셨다면, 이 메시지를 무시해주세요.\n\n--\nVesta 제어판\n", 'Jan' => '1월', 'Feb' => '2월', @@ -557,15 +557,15 @@ $LANG['ko'] = array( 'DNS Server' => 'DNS 서버', 'DNS Cluster' => 'DNS 클러스터', 'MAIL Server' => 'MAIL 서버', - 'Antivirus' => '안티바이러스', - 'AntiSpam' => '안티스팸', + 'Antivirus' => '바이러스 필터링', + 'AntiSpam' => '스팸 필터링', 'Webmail URL' => '웹메일 주소', 'MySQL Support' => 'MySQL 지원', 'phpMyAdmin URL' => 'phpMyAdmin 주소', 'PostgreSQL Support' => 'PostgreSQL 지원', 'phpPgAdmin URL' => 'phpPgAdmin 주소', - 'Maximum Number Of Databases' => '최대 데이터베이스 숫자', - 'Current Number Of Databases' => '현재 데이터베이스 숫자', + 'Maximum Number Of Databases' => '최대 데이터베이스 개수', + 'Current Number Of Databases' => '현재 데이터베이스 개수', 'Local backup' => '로컬 백업', 'Compression level' => '압축 수준', 'Directory' => '폴더', @@ -633,8 +633,8 @@ $LANG['ko'] = array( 'Delete items' => '항목 삭제', 'Copy files' => '항목 복사', 'Move files' => '항목 이동', - 'Are you sure you want to copy' => '정말 복사하시겠습니까?', - 'Are you sure you want to move' => '정말 이동하시겠습니까?', + 'Are you sure you want to copy' => '정말 복사하시겠습니까', + 'Are you sure you want to move' => '정말 이동하시겠습니까', 'Are you sure you want to delete' => '정말 삭제하시겠습니까', 'into' => '안에', 'existing files will be replaced' => '존재하는 파일들은 대체 될 것입니다', From fd88749791aad96123efd2101b913dbe504d5f0d Mon Sep 17 00:00:00 2001 From: Hoto Cocoa Date: Wed, 11 Jul 2018 23:42:16 +0900 Subject: [PATCH 057/140] Fix typo --- web/inc/i18n/ko.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index 3a21ad4a..a81db461 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -322,7 +322,7 @@ $LANG['ko'] = array( 'Minute' => '분', 'Command' => '명령어', 'Package Name' => '패키지 이름', - 'Netmask' => '넷마슴크', + 'Netmask' => '넷마크', 'Interface' => '인터페이스', 'Shared' => '공유된', 'Assigned user' => '부여 된 사용자', From 07a7c90cf6634c130b6df4005c6c339b02e6333d Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 13 Jul 2018 15:27:10 +0300 Subject: [PATCH 058/140] chkconfig firewalld off --- install/vst-install-rhel.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index e529ff65..1ecd2235 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -671,6 +671,8 @@ fi # Disabling iptables service iptables stop +service firewalld stop >/dev/null 2>&1 + # Configuring NTP synchronization echo '#!/bin/sh' > /etc/cron.daily/ntpdate @@ -1273,6 +1275,7 @@ ip=$(ip addr|grep 'inet '|grep global|head -n1|awk '{print $2}'|cut -f1 -d/) # Configuring firewall if [ "$iptables" = 'yes' ]; then + chkconfig firewalld off >/dev/null 2>&1 $VESTA/bin/v-update-firewall fi From 79e34f240b02d5b9d3ac86565710efd710ffb2cb Mon Sep 17 00:00:00 2001 From: myrevery Date: Sun, 15 Jul 2018 16:33:32 +0800 Subject: [PATCH 059/140] Update cn.php Refine some details. --- web/inc/i18n/cn.php | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index 9d58b381..d47587db 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -98,7 +98,7 @@ $LANG['cn'] = array( 'list accounts' => '列出 %s 个账户', 'add account' => '添加账户', 'open webmail' => '打开网页邮箱', - 'list fail2ban' => 'fail2ban 封锁名单', + 'list fail2ban' => 'Fail2ban 封锁名单', 'open %s' => '打开 %s', 'download' => '下载', 'restore' => '恢复', @@ -136,7 +136,7 @@ $LANG['cn'] = array( 'Editing Package' => '编辑方案', 'Adding IP address' => '添加IP地址', 'Editing IP Address' => '编辑IP地址', - 'Editing Backup Exclusions' => '配置备份排除项目', + 'Editing Backup Exclusions' => '配置排除的备份项目', 'Generating CSR' => '生成CSR', 'Listing' => '列出', 'Search Results' => '搜索结果', @@ -175,7 +175,7 @@ $LANG['cn'] = array( 'User Directories' => '用户目录', 'Template' => '模板', 'Web Template' => 'Web模板', - 'Backend Template' => 'Backend模板', + 'Backend Template' => '后端模板', 'Proxy Template' => '代理模板', 'DNS Template' => 'DNS模板', 'Web Domains' => '网站域名', @@ -194,15 +194,15 @@ $LANG['cn'] = array( 'IP Addresses' => 'IP地址', 'Backups' => '备份', 'Backup System' => '备份系统', - 'backup exclusions' => '备份排除项目', + 'backup exclusions' => '排除的备份项目', 'template' => '模板', 'SSL Support' => '启用SSL', 'SSL Home Directory' => 'SSL站点主目录', 'Lets Encrypt Support' => '采用 Let's Encrypt', 'Lets Encrypt' => 'Let's Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动签发完成', + 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动完成签发', 'Proxy Support' => '反向代理', - 'Proxy Extensions' => '代理的文件扩展名', + 'Proxy Extensions' => '需代理的文件扩展名', 'Web Statistics' => '网站统计', 'Additional FTP Account' => '额外的FTP账户', 'Path' => '路径', @@ -274,7 +274,7 @@ $LANG['cn'] = array( 'ftp server' => 'FTP服务', 'job scheduler' => '执行定时任务', 'firewall' => '防火墙服务', - 'brute-force monitor' => '监控暴力破解', + 'brute-force monitor' => '防范暴力攻击', 'CPU' => 'CPU', 'Memory' => '内存', 'Uptime' => '已运行时间', @@ -442,7 +442,7 @@ $LANG['cn'] = array( '%s log records' => '%s 条日志记录', '1 object' => '1 个对象', '%s objects' => '%s 个对象', - 'no exclusions' => '未排除', + 'no exclusions' => '没有被排除的项目', '1 rule' => '1 条规则', '%s rules' => '%s 条规则', 'There are no currently banned IP' => '目前没有被封锁的IP地址', @@ -559,8 +559,8 @@ $LANG['cn'] = array( 'Default Language' => '默认语言', 'Proxy Server' => '代理服务器', 'Web Server' => 'Web 服务器', - 'Backend Server' => 'Backend 服务器', - 'Backend Pool Mode' => 'Backend Pool 模式', + 'Backend Server' => '后端服务器', + 'Backend Pool Mode' => '后端池模式', 'DNS Server' => 'DNS 服务器', 'DNS Cluster' => 'DNS 集群', 'MAIL Server' => '邮箱服务器', @@ -595,7 +595,7 @@ $LANG['cn'] = array( 'Starred' => '星标', 'Name' => '名称', - 'save to favorites' => '收藏加星', + 'save to favorites' => '添加星标', 'File Manager' => '文件管理', 'size' => '大小', @@ -635,8 +635,8 @@ $LANG['cn'] = array( 'Create' => '创建', 'Compress' => '压缩', 'OK' => '确定', - 'YOU ARE COPYING' => 'YOU ARE COPYING', - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', + 'YOU ARE COPYING' => '你正在复制', + 'YOU ARE REMOVING' => '你正在移除', 'Delete items' => '删除这些项目', 'Copy files' => '复制这些文件', 'Move files' => '移动这些文件', @@ -746,7 +746,7 @@ $LANG['cn'] = array( 'SUBJECT' => '颁发给', 'ALIASES' => '可选名称', 'NOT_BEFORE' => '有效期从', - 'NOT_AFTER' => '有效期到', + 'NOT_AFTER' => '有效期至', 'SIGNATURE' => '签名算法', 'PUB_KEY' => '密钥位数', 'ISSUER' => '颁发者', From 7958b495c94ee3213c3ecf32d71e17015546ba4f Mon Sep 17 00:00:00 2001 From: Phinitnan Chanasabaeng Date: Wed, 18 Jul 2018 10:40:35 +0700 Subject: [PATCH 060/140] Updated and Fixed error on updating Letsencrypt cert with NGINX's drupal template. --- .../templates/web/nginx/php5-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php5-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php5-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php5-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php5-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php5-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php5-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../9/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../9/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../9/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../5/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../5/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../5/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../6/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../6/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../6/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../7/templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../7/templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../7/templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- .../templates/web/nginx/php-fpm/drupal6.stpl | 52 +++++++--------- .../templates/web/nginx/php-fpm/drupal6.tpl | 49 +++++++-------- .../templates/web/nginx/php-fpm/drupal7.stpl | 58 ++++++++---------- .../templates/web/nginx/php-fpm/drupal7.tpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.stpl | 59 ++++++++---------- .../templates/web/nginx/php-fpm/drupal8.tpl | 60 ++++++++----------- 114 files changed, 2812 insertions(+), 3591 deletions(-) diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl index 91a70936..0af7ce84 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -31,48 +31,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl index ac32dcd9..d1096bff 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,48 +27,42 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } location / { try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } } location @rewrite { - # For Drupal 6 and bwlow: - # Some modules enforce no slash (/) at the end of the URL - # Else this rewrite block wouldn't be needed (GlobalRedirect) rewrite ^/(.*)$ /index.php?q=$1; } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } - location ~ ^/sites/.*/files/styles/ { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl index 3b9dabf5..030ea952 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -31,50 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl index 1b979475..c9729795 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,50 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl index 50d85b68..030ea952 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -31,51 +31,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl index 71b538bf..c9729795 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -18,7 +18,6 @@ server { access_log off; } - # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; @@ -28,51 +27,44 @@ server { return 403; } - # No no for private location ~ ^/sites/.*/private/ { return 403; } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; } - + location / { - try_files $uri @rewrite; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$)|^/update.php { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } + try_files $uri /index.php?$query_string; } - location @rewrite { - # You have 2 options here - # For D7 and above: - # Clean URLs are handled in drupal_environment_initialize(). - rewrite ^ /index.php; - } + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; From 98542d69bc0087859fcc3c04a0823e8d9afc62bb Mon Sep 17 00:00:00 2001 From: Dmitry Bannik Date: Fri, 27 Jul 2018 23:59:53 +0300 Subject: [PATCH 061/140] Fix editing backup exclusions --- bin/v-backup-user | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index bc57cafc..e59d84e5 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -233,7 +233,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then # Backup files cd $HOMEDIR/$user/web/$domain - tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz + tar -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done # Print total From 4a27e61d60ea6e781a1b0985c2ccf7bf58c1031f Mon Sep 17 00:00:00 2001 From: Luiz Junior Date: Tue, 31 Jul 2018 10:32:47 -0300 Subject: [PATCH 062/140] Fix Dovecot Connection Fix dovecot Connection --- install/ubuntu/16.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/16.04/dovecot/dovecot.conf b/install/ubuntu/16.04/dovecot/dovecot.conf index 311a3351..55c3672f 100644 --- a/install/ubuntu/16.04/dovecot/dovecot.conf +++ b/install/ubuntu/16.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace { +namespace inbox{ type = private separator = / prefix = From 47a22f4a254aac61bb3c91c4ac7dd0eaf493f1b6 Mon Sep 17 00:00:00 2001 From: Luiz Junior Date: Tue, 31 Jul 2018 10:46:54 -0300 Subject: [PATCH 063/140] Fix dovecot namespace inbox { --- install/ubuntu/16.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/16.04/dovecot/dovecot.conf b/install/ubuntu/16.04/dovecot/dovecot.conf index 55c3672f..163460ba 100644 --- a/install/ubuntu/16.04/dovecot/dovecot.conf +++ b/install/ubuntu/16.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace inbox{ +namespace inbox { type = private separator = / prefix = From 1c315de8d7924362ee6b96a9767d1f1536caa78d Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Fri, 3 Aug 2018 18:34:13 +0300 Subject: [PATCH 064/140] fix for ubuntu 14.04 --- install/vst-install-ubuntu.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index ef4b7079..a17517e3 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -33,9 +33,9 @@ software="apache2 apache2.2-common apache2-suexec-custom apache2-utils # Fix for old releases if [[ ${release:0:2} -lt 16 ]]; then - software=$(echo "$software" |sed -e "s/php /php5 /") - software=$(echo "$software" |sed -e "s/php-/php5-/") - software=$(echo "$software" |sed -e "s/mod-php/mod-php5/") + software=$(echo "$software" |sed -e "s/php /php5 /g") + software=$(echo "$software" |sed -e "s/vesta-php5 /vesta-php /g") + software=$(echo "$software" |sed -e "s/php-/php5-/g") fi # Defining help function From 8bb89d2eb684f5ad8c7c85a0eab44c3b4eb493b3 Mon Sep 17 00:00:00 2001 From: Phinitnan Chanasabaeng Date: Mon, 6 Aug 2018 10:35:41 +0700 Subject: [PATCH 065/140] Updated Thai translation --- web/inc/i18n/th.php | 459 ++++++++++++++++++++++---------------------- 1 file changed, 230 insertions(+), 229 deletions(-) diff --git a/web/inc/i18n/th.php b/web/inc/i18n/th.php index 96f23bb5..07beb85e 100644 --- a/web/inc/i18n/th.php +++ b/web/inc/i18n/th.php @@ -3,6 +3,7 @@ * Vesta language file * Language: Thai ( Thailand ) * thatphon05@gmail.com + * phinitnan_c@xtony.us */ $LANG['th'] = array( @@ -11,10 +12,10 @@ $LANG['th'] = array( 'IP' => 'IP', 'Graphs' => 'กราฟ', 'Statistics' => 'สถิติ', - 'Log' => 'Log', - 'Server' => 'เซิฟเวอร์', + 'Log' => 'บันทึกเหตุการณ์', + 'Server' => 'เซิร์ฟเวอร์', 'Services' => 'บริการ', - 'Firewall' => 'ไฟร์วอลล์', + 'Firewall' => 'Firewall', 'Updates' => 'อัพเดท', 'Log in' => 'เข้าสู่ระบบ', 'Log out' => 'ออกจากระบบ', @@ -22,47 +23,47 @@ $LANG['th'] = array( 'USER' => 'ผู้ใช้', 'WEB' => 'เว็บ', 'DNS' => 'DNS', - 'MAIL' => 'เมล์', + 'MAIL' => 'เมล', 'DB' => 'ฐานข้อมูล', 'CRON' => 'CRON', 'BACKUP' => 'สำรองข้อมูล', 'LOGIN' => 'เข้าสู่ระบบ', - 'RESET PASSWORD' => 'รีเซ็ตรหัสผ่าน', + 'RESET PASSWORD' => 'ตั้งรหัสผ่านใหม่', 'SEARCH' => 'ค้นหา', 'PACKAGE' => 'แพ็กเกจ', 'RRD' => 'RRD', - 'STATS' => 'STATS', - 'LOG' => 'ล็อก', + 'STATS' => 'สถิติ', + 'LOG' => 'บันทึกเหตุการณ์', 'UPDATES' => 'อัพเดท', - 'FIREWALL' => 'ไฟร์วอลล์', - 'SERVER' => 'เซิฟเวอร์', + 'FIREWALL' => 'FIREWALL', + 'SERVER' => 'เซิร์ฟเวอร์', 'MEMORY' => 'หน่วยความจำ', - 'DISK' => 'พื้นที่จัดเก็บข้อมูล', + 'DISK' => 'พื้นที่เก็บข้อมูล', 'NETWORK' => 'เครือข่าย', - 'Web Log Manager' => 'ตัวจัดการ Web Log', + 'Web Log Manager' => 'ตัวจัดการบันทึกเหตุการณ์เว็บ', 'no notifications' => 'ไม่มีการแจ้งเตือน', 'Add User' => 'เพิ่มผู้ใช้', 'Add Domain' => 'เพิ่มโดเมน', - 'Add Web Domain' => 'เพิ่ม Web Domain', - 'Add DNS Domain' => 'เพิ่ม DNS Domain', - 'Add DNS Record' => 'เพิ่ม DNS Record', - 'Add Mail Domain' => 'เพิ่ม Mail Domain', - 'Add Mail Account' => 'เพิ่มบัญชีเมล์', + 'Add Web Domain' => 'เพิ่มโดเมนสำหรับเว็บ', + 'Add DNS Domain' => 'เพิ่มโดเมนสำหรับ DNS', + 'Add DNS Record' => 'เพิ่มรายการ DNS', + 'Add Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Add Mail Account' => 'เพิ่มบัญชีเมล', 'Add Database' => 'เพิ่มฐานข้อมูล', - 'Add Cron Job' => 'เพิ่ม Cron Job', - 'Create Backup' => 'สร้างการสำรองข้อมูล', - 'Configure' => 'ปรับแต่ง', + 'Add Cron Job' => 'เพิ่มงาน CRON', + 'Create Backup' => 'สร้างข้อมูลสำรอง', + 'Configure' => 'ตั้งค่า', 'Restore All' => 'คืนค่าทั้งหมด', 'Add Package' => 'เพิ่มแพ็กเกจ', - 'Add IP' => 'เพิ่ม IP Address', - 'Add Rule' => 'เพิ่ม Rule', - 'Ban IP Address' => 'แบน IP Address', + 'Add IP' => 'เพิ่ม IP', + 'Add Rule' => 'เพิ่มกฎ', + 'Ban IP Address' => 'แบนหมายเลข IP', 'Search' => 'ค้นหา', - 'Add one more FTP Account' => 'เพิ่มอีกบัญชี', - 'Overall Statistics' => 'สถิติโดยรวม', + 'Add one more FTP Account' => 'เพิ่ม FTP อีกหนึ่งบัญชี', + 'Overall Statistics' => 'สถิติภาพรวม', 'Daily' => 'รายวัน', 'Weekly' => 'รายสัปดาห์', 'Monthly' => 'รายเดือน', @@ -73,28 +74,28 @@ $LANG['th'] = array( 'Submit' => 'ส่งข้อมูล', 'toggle all' => 'เลือกทั้งหมด', - 'apply to selected' => 'นำไปใช้กับที่เลือก', - 'rebuild' => 'สร้างใหม่', - 'rebuild web' => 'สร้างเว็บใหม่', - 'rebuild dns' => 'สร้าง DNS ใหม่', - 'rebuild mail' => 'สร้างเมล์ใหม่', - 'rebuild db' => 'สร้างฐานข้อมูลใหม่', - 'rebuild cron' => 'สร้าง Cron ใหม่', + 'apply to selected' => 'นำไปใช้กับรายการที่เลือก', + 'rebuild' => 'ใช้การตั้งค่าล่าสุด', + 'rebuild web' => 'ใช้การตั้งค่าเว็บล่าสุด', + 'rebuild dns' => 'ใช้การตั้งค่า DNS ล่าสุด', + 'rebuild mail' => 'ใช้การตั้งค่าเมลล่าสุด', + 'rebuild db' => 'ใช้การตั้งค่าฐานข้อมูลล่าสุด', + 'rebuild cron' => 'ใช้การตั้งค่า CRON ล่าสุด', 'update counters' => 'อัพเดทตัวนับ', 'suspend' => 'ระงับการใช้งาน', - 'unsuspend' => 'เปิดใช้งาน', + 'unsuspend' => 'ยกเลิกระงับการใช้งาน', 'delete' => 'ลบ', - 'show per user' => 'แสดงต่อผู้ใช้', - 'login as' => 'เข้าสู่ระบบด้วย', + 'show per user' => 'แสดงผลต่อผู้ใช้', + 'login as' => 'เข้าสู่ระบบในนาม', 'logout' => 'ออกจากระบบ', 'edit' => 'แก้ไข', 'open webstats' => 'เปิดสถิติเว็บ', - 'view logs' => 'ดู Logs', - 'list records' => 'รายการ %s records', - 'add record' => 'เพิ่ม Record', - 'list accounts' => 'รายการ %s บัญชี', + 'view logs' => 'ดูบันทึกเหตุการณ์', + 'list records' => 'แสดงรายการ', + 'add record' => 'เพิ่มรายการ', + 'list accounts' => 'แสดงบัญชี', 'add account' => 'เพิ่มบัญชี', - 'open webmail' => 'เปิด Webmail', + 'open webmail' => 'เปิดเว็บเมล', 'list fail2ban' => 'รายการ fail2ban', 'open %s' => 'เปิด %s', 'download' => 'ดาวน์โหลด', @@ -106,48 +107,48 @@ $LANG['th'] = array( 'update' => 'อัพเดท', 'generate' => 'สร้าง', 'Generate CSR' => 'สร้าง CSR', - 'reread IP' => 'อ่าน IP ใหม่', + 'reread IP' => 'อ่าน IP ซ้ำ', 'enable autoupdate' => 'เปิดการอัพเดทอัตโนมัติ', 'disable autoupdate' => 'ปิดการอัพเดทอัตโนมัติ', - 'turn on notifications' => 'เปิดใช้งานการแจ้งเตือน', - 'turn off notifications' => 'ปิดใช้งานการแจ้งเตือน', + 'turn on notifications' => 'เปิดการแจ้งเตือน', + 'turn off notifications' => 'ปิดการแจ้งเตือน', 'configure' => 'ปรับแต่ง', 'Adding User' => 'เพิ่มผู้ใช้', 'Editing User' => 'แก้ไขผู้ใช้', 'Adding Domain' => 'เพิ่มโดเมน', 'Editing Domain' => 'แก้ไขโดเมน', - 'Adding DNS Domain' => 'เพิ่ม DNS Domain', - 'Editing DNS Domain' => 'แก้ไข DNS Domain', - 'Adding DNS Record' => 'เพิ่ม DNS Record', - 'Editing DNS Record' => 'แก้ไข DNS Record', - 'Adding Mail Domain' => 'เพิ่ม Mail Domain', - 'Editing Mail Domain' => 'แก้ไข Mail Domain', - 'Adding Mail Account' => 'เพิ่มบัญชีเมล์', - 'Editing Mail Account' => 'แก้ไขบัญชีเมล์', + 'Adding DNS Domain' => 'เพิ่ม DNS สำหรับโดเมน', + 'Editing DNS Domain' => 'แก้ไข DNS สำหรับโดเมน', + 'Adding DNS Record' => 'เพิ่มรายการ DNS', + 'Editing DNS Record' => 'แก้ไขรายการ DNS', + 'Adding Mail Domain' => 'เพิ่มโดเมนสำหรับเมล', + 'Editing Mail Domain' => 'แก้ไขโดเมนสำหรับเมล', + 'Adding Mail Account' => 'เพิ่มบัญชีเมล', + 'Editing Mail Account' => 'แก้ไขบัญชีเมล', 'Adding database' => 'เพิ่มฐานข้อมูล', - 'Editing Cron Job' => 'แก้ไข Cron Job', - 'Adding Cron Job' => 'เพิ่ม Cron Job', + 'Editing Cron Job' => 'แก้ไขงาน CRON', + 'Adding Cron Job' => 'เพิ่มงาน CRON', 'Editing Database' => 'แก้ไขฐานข้อมูล', 'Adding Package' => 'เพิ่มแพ็กเกจ', 'Editing Package' => 'แก้ไขแพ็กเกจ', - 'Adding IP address' => 'เพิ่ม IP address', - 'Editing IP Address' => 'แก้ไข IP Address', + 'Adding IP address' => 'เพิ่มที่อยู่ IP', + 'Editing IP Address' => 'แก้ไขที่อยู่ IP', 'Editing Backup Exclusions' => 'แก้ไขการยกเว้นสำรองข้อมูล', 'Generating CSR' => 'สร้าง CSR', 'Listing' => 'รายการ', - 'Search Results' => 'ผลลัพธ์ของการค้นหา', - 'Adding Firewall Rule' => 'การเพิ่ม Firewall Rule', - 'Editing Firewall Rule' => 'การแก้ไข Firewall Rule', - 'Adding IP Address to Banlist' => 'การแบน IP Address', + 'Search Results' => 'ผลลัพธ์การค้นหา', + 'Adding Firewall Rule' => 'การเพิ่มกฎ Firewall', + 'Editing Firewall Rule' => 'การแก้ไขกฎ Firewall', + 'Adding IP Address to Banlist' => 'เพิ่มที่อยู่ IP ในรายการแบน', 'active' => 'เปิดใช้งาน', 'spnd' => 'ระงับการใช้งาน', 'suspended' => 'ระงับการใช้งานแล้ว', 'running' => 'กำลังทำงาน', 'stopped' => 'หยุดทำงานแล้ว', - 'outdated' => 'ตกรุ่น', - 'updated' => 'อัพเดท', + 'outdated' => 'ตกรุ่นแล้ว', + 'updated' => 'อัพเดทแล้ว', 'yes' => 'ใช่', 'no' => 'ไม่ใช่', @@ -164,37 +165,37 @@ $LANG['th'] = array( 'minutes' => 'นาที', 'month' => 'เดือน', 'package' => 'แพ็กเกจ', - 'Bandwidth' => 'แบนด์วิดธ์', + 'Bandwidth' => 'ปริมาณรับส่งข้อมูล', 'Disk' => 'พื้นที่จัดเก็บข้อมูล', 'Web' => 'เว็บ', - 'Mail' => 'เมล์', + 'Mail' => 'เมล', 'Databases' => 'ฐานข้อมูล', 'User Directories' => 'ไดเร็กทอรี่ของผู้ใช้', - 'Template' => 'Template', - 'Web Template' => 'Web Template', - 'Backend Template' => 'Backend Template', - 'Proxy Template' =>'Proxy Template', - 'DNS Template' => 'DNS Template', - 'Web Domains' => 'Web Domains', - 'SSL Domains' => 'SSL Domains', - 'Web Aliases' => 'Web Aliases', - 'per domain' => 'ต่อ Domain', - 'DNS Domains' => 'DNS Domains', - 'DNS domains' => 'DNS domains', - 'DNS records' => 'DNS records', + 'Template' => 'ตัวแบบ', + 'Web Template' => 'ตัวแบบเว็บ', + 'Backend Template' => 'ตัวเแบบ Backend', + 'Proxy Template' =>'ตัวแบบ Proxy', + 'DNS Template' => 'ตัวแบบ DNS', + 'Web Domains' => 'โดเมนสำหรับเว็บ', + 'SSL Domains' => 'โดเมนสำหรับ SSL', + 'Web Aliases' => 'ชื่อแทนเว็บ', + 'per domain' => 'ต่อโดเมน', + 'DNS Domains' => 'โดเมนสำหรับ DNS', + 'DNS domains' => 'โดเมนสำหรับ DNS', + 'DNS records' => 'รายการ DNS', 'Name Servers' => 'Name Servers', - 'Mail Domains' => 'Mail Domains', - 'Mail Accounts' => 'บัญชีเมล์', - 'Cron Jobs' => 'Cron Jobs', - 'SSH Access' => 'การเข้าถึง SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'IP Addresses', + 'Mail Domains' => 'โดเมนสำหรับเมล', + 'Mail Accounts' => 'บัญชีเมล', + 'Cron Jobs' => 'งาน CRON', + 'SSH Access' => 'การเข้าใช้ SSH', + 'IP Address' => 'ที่อยู่ IP', + 'IP Addresses' => 'ที่อยู่ IP', 'Backups' => 'สำรองข้อมูล', 'Backup System' => 'ระบบสำรองข้อมูล', 'backup exclusions' => 'ยกเว้นการสำรองข้อมูล', - 'template' => 'template', + 'template' => 'ตัวแบบ', 'SSL Support' => 'สนับสนุน SSL', - 'SSL Home Directory' => 'หน้าแรกของ SSL', + 'SSL Home Directory' => 'ไดเร็กทอรี่หลักของ SSL', 'Lets Encrypt Support' => 'สนับสนุน Lets Encrypt', 'Lets Encrypt' => 'Lets Encrypt', 'Your certificate will be automatically issued in 5 minutes' => 'ใบรับรองของคุณจะได้รับการออกโดยอัตโนมัติภายใน 5 นาที', @@ -206,17 +207,17 @@ $LANG['th'] = array( 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'หมดอายุ', - 'Records' => 'Records', + 'Records' => 'รายการ', 'Serial' => 'Serial', - 'Catchall email' => 'Catchall email', - 'AntiVirus Support' => 'สนับสนุน AntiVirus', - 'AntiSpam Support' => 'สนับสนุน AntiSpam', + 'Catchall email' => 'อีเมล Catchall', + 'AntiVirus Support' => 'สนับสนุนการป้องกันไวรัส', + 'AntiSpam Support' => 'สนับสนุนการป้องกันเมลขยะ', 'DKIM Support' => 'สนับสนุน DKIM', 'Accounts' => 'บัญชี', 'Quota' => 'โควตา', 'Autoreply' => 'ตอบกลับอัตโนมัติ', 'Forward to' => 'ส่งต่อไปยัง', - 'Do not store forwarded mail' => 'อย่าเก็บเมล์ที่ส่งต่อไว้', + 'Do not store forwarded mail' => 'ไม่เก็บเมลที่ส่งต่อแล้วไว้', 'IMAP hostname' => 'IMAP hostname', 'IMAP port' => 'IMAP port', 'IMAP security' => 'IMAP security', @@ -240,7 +241,7 @@ $LANG['th'] = array( 'Run Time' => 'เวลาทำงาน', 'Backup Size' => 'ขนาดสำรองข้อมูล', 'SYS' => 'SYS', - 'Domains' => 'Domains', + 'Domains' => 'โดเมน', 'Status' => 'สถานะ', 'shared' => 'shared', 'dedicated' => 'dedicated', @@ -253,72 +254,72 @@ $LANG['th'] = array( 'NGINX Usage' => 'การใช้ NGINX', 'MySQL Usage on localhost' => 'การใช้ MySQL บน localhost', 'PostgreSQL Usage on localhost' => 'การใช้ PostgreSQL บน localhost', - 'Bandwidth Usage eth0' => 'การใช้ แบนด์วิดธ์ ของ eth0', - 'Bandwidth Usage eth1' => 'การใช้ แบนด์วิดธ์ ของ eth1', + 'Bandwidth Usage eth0' => 'ขนาดการรับส่งข้อมูลของ eth0', + 'Bandwidth Usage eth1' => 'ขนาดการรับส่งข้อมูลของ eth1', 'Exim Usage' => 'การใช้ Exim', 'FTP Usage' => 'การใช้ FTP', 'SSH Usage' => 'การใช้ SSH', 'reverse proxy' => 'reverse proxy', - 'web server' => 'web server', - 'dns server' => 'dns server', - 'mail server' => 'mail server', - 'pop/imap server' => 'pop/imap server', - 'email antivirus' => 'email antivirus', - 'email antispam' => 'email antispam', - 'database server' => 'database server', - 'ftp server' => 'ftp server', + 'web server' => 'เซิร์ฟเวอร์เว็บ', + 'dns server' => 'เซิร์ฟเวอร์ dns', + 'mail server' => 'เซิร์ฟเวอร์เมล', + 'pop/imap server' => 'เซิร์ฟเวอร์ pop/imap', + 'email antivirus' => 'การป้องกันไวรัสอีเมล', + 'email antispam' => 'การป้องกันอีเมลขยะ', + 'database server' => 'เซิร์ฟเวอร์ฐานข้อมูล', + 'ftp server' => 'เซิร์ฟเวอร์ ftp', 'job scheduler' => 'job scheduler', 'firewall' => 'firewall', - 'brute-force monitor' => 'ตรวจสอบการ brute-force', + 'brute-force monitor' => 'ดักจับ brute-force', 'CPU' => 'CPU', 'Memory' => 'หน่วยความจำ', - 'Uptime' => 'เวลาทำงาน', + 'Uptime' => 'ระบบทำงานมาแล้ว', 'core package' => 'แพ็กเกจหลัก', - 'php interpreter' => 'ตัวแปลคำสั่ง php', + 'php interpreter' => 'ตัวแปลภาษา php', 'internal web server' => 'เว็บเซิร์ฟเวอร์ภายใน', 'Version' => 'เวอร์ชั่น', - 'Release' => 'เวอร์ชั่นการปล่อย', + 'Release' => 'ลำดับที่', 'Architecture' => 'สถาปัตยกรรม', 'Object' => 'วัตถุ', 'Username' => 'ชื่อผู้ใช้', 'Password' => 'รหัสผ่าน', - 'Email' => 'อีเมล์', + 'Email' => 'อีเมล', 'Package' => 'แพ็กเกจ', 'Language' => 'ภาษา', 'First Name' => 'ชื่อ', 'Last Name' => 'นามสกุล', 'Send login credentials to email address' => 'ชื่ออีเมล์สำหรับส่งข้อมูลการเข้าสู่ระบบ', - 'Default Template' => 'Template มาตรฐาน', - 'Default Name Servers' => 'Name Servers มาตรฐาน', + 'Default Template' => 'ตัวแบบเริ่มต้น', + 'Default Name Servers' => 'Name Servers เริ่มต้น', 'Domain' => 'โดเมน', 'DNS Support' => 'สนับสนุน DNS', - 'Mail Support' => 'สนับสนุนเมล์', + 'Mail Support' => 'สนับสนุนเมล', 'Advanced options' => 'ตัวเลือกขั้นสูง', 'Basic options' => 'ตัวเลือกพื้นฐาน', - 'Aliases' => 'Aliases', + 'Aliases' => 'ชื่อแทน', 'SSL Certificate' => 'SSL Certificate', 'SSL Key' => 'SSL Key', 'SSL Certificate Authority / Intermediate' => 'SSL Certificate Authority / Intermediate', 'SSL CSR' => 'SSL CSR', 'optional' => 'ทางเลือกเพิ่มเติม', 'internal' => 'ภายใน', - 'Statistics Authorization' => 'การตรวจสอบสถิติ', - 'Statistics Auth' => 'รับรองความถูกต้องของสถิติ', + 'Statistics Authorization' => 'กำหนดสิทธิการเข้าดูสถิติ', + 'Statistics Auth' => 'ลงทะเบียนเข้าดูสถิติ', 'Account' => 'บัญชี', - 'Prefix will be automaticaly added to username' => 'คำนำหน้า %s จะถูกเพิ่มลงในชื่อผู้ใช้โดยอัตโนมัติ', - 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งข้อมูล FTP', + 'Prefix will be automaticaly added to username' => 'จะมีการใส่คำนำหน้าลงในชื่อผู้ใช้โดยอัตโนมัติ', + 'Send FTP credentials to email' => 'ชื่ออีเมล์สำหรับส่งรหัสผ่าน FTP', 'Expiration Date' => 'วันหมดอายุ', 'YYYY-MM-DD' => 'ปี-เดือน-วัน', 'Name servers' => 'Name servers', - 'Record' => 'Record', + 'Record' => 'รายการ', 'IP or Value' => 'IP หรือ ค่า', 'Priority' => 'ลำดับความสำคัญ', - 'Record Number' => 'ตัวเลข record', + 'Record Number' => 'หมายเลขรายการ', 'in megabytes' => 'หน่วย megabytes', 'Message' => 'ข้อความ', 'use local-part' => 'ใช้ส่วนภายใน', 'one or more email addresses' => 'อย่างน้อย 1 ที่อยู่อีเมล์', - 'Prefix will be automaticaly added to database name and database user' => 'คำนำหน้า %s จะถูกเพิ่มชื่อในฐานข้อมูลและฐานข้อมูลผู้ใช้โดยอัตโนมัติ', + 'Prefix will be automaticaly added to database name and database user' => 'จะมีการเพิ่มคำนำหน้าชื่อฐานข้อมูลและชื่อผู้ใช้ฐานข้อมูลโดยอัตโนมัติ', 'Database' => 'ฐานข้อมูล', 'Type' => 'ชนิด', 'Minute' => 'นาที', @@ -327,35 +328,35 @@ $LANG['th'] = array( 'Netmask' => 'Netmask', 'Interface' => 'Interface', 'Shared' => 'แชร์', - 'Assigned user' => 'กำหนดผู้ใช้แล้ว', - 'Assigned domain' => 'โดเมนที่กำหนด', + 'Assigned user' => 'ผู้ใช้ที่กำหนดไว้', + 'Assigned domain' => 'โดเมนที่กำหนดไว้', 'NAT IP association' => 'NAT IP association', 'shell' => 'shell', - 'web domains' => 'web domains', - 'web aliases' => 'web aliases', - 'dns records' => 'dns records', - 'mail domains' => 'mail domains', - 'mail accounts' => 'บัญชีเมล์', + 'web domains' => 'โดเมนสำหรับเว็บ', + 'web aliases' => 'ชื่อแทนเว็บ', + 'dns records' => 'รายการ dns', + 'mail domains' => 'โดเมนสำหรับเมล', + 'mail accounts' => 'บัญชีเมล', 'accounts' => 'บัญชี', 'databases' => 'ฐานข้อมูล', - 'cron jobs' => 'cron jobs', + 'cron jobs' => 'งาน cron', 'backups' => 'สำรองข้อมูล', 'quota' => 'โควต้า', - 'day of week' => 'วันในสัปดาห์', - 'cmd' => 'cmd', + 'day of week' => 'วันของสัปดาห์', + 'cmd' => 'คำสั่ง', 'users' => 'ผู้ใช้', 'domains' => 'โดนเมน', - 'aliases' => 'aliases', - 'records' => 'records', - 'jobs' => 'jobs', + 'aliases' => 'ชื่อแทน', + 'records' => 'รายการ', + 'jobs' => 'งาน', 'username' => 'ชื่อผู้ใช้', 'password' => 'รหัสผ่าน', 'type' => 'ชนิด', 'charset' => 'charset', 'domain' => 'โดเมน', 'ip' => 'ip', - 'ip address' => 'ip address', - 'IP address' => 'IP address', + 'ip address' => 'ที่อยู่ ip', + 'IP address' => 'ที่อยู่ IP', 'netmask' => 'netmask', 'interface' => 'interface', 'assigned user' => 'กำหนดผู้ใช้แล้ว', @@ -368,11 +369,11 @@ $LANG['th'] = array( 'account' => 'บัญชี', 'ssl certificate' => 'ssl certificate', 'ssl key' => 'ssl key', - 'stats user password' => 'stats user password', - 'stats username' => 'stats username', - 'stats password' => 'stats password', - 'ftp user password' => 'FTP ชื่อผู้ใช้ รหัสผ่าน', - 'ftp user' => 'ผู้ใช้ FTP', + 'stats user password' => 'รหัสผ่านของผู้ใช้สถิติ', + 'stats username' => 'ชื่อผู้ใช้สถิติ', + 'stats password' => 'รหัสผ่านสถิติ', + 'ftp user password' => 'รหัสผ่านของผู้ใช้สำหรับ ftp', + 'ftp user' => 'ผู้ใช้ ftp', 'Last 70 lines of %s.%s.log' => '70 บรรทัดสุดท้ายของ %s.%s.log', 'AccessLog' => 'AccessLog', 'ErrorLog' => 'ErrorLog', @@ -383,13 +384,13 @@ $LANG['th'] = array( 'State / Province' => 'ถนน / แขวง', 'City / Locality' => 'เมือง / ท้องถิ่น', 'Organization' => 'องค์กร', - 'Action' => 'การกระทำ', + 'Action' => 'ดำเนินการ', 'Protocol' => 'โปรโตคอล', 'Port' => 'Port', 'Comment' => 'หมายเหตุ', 'Banlist' => 'รายชื่อที่โดนแบน', 'ranges are acceptable' => 'ช่วงที่ยอมรับได้', - 'CIDR format is supported' => 'การสนับสนุน CIDR', + 'CIDR format is supported' => 'สนับสนุนรูปแบบ CIDR', 'ACCEPT' => 'ยอมรับ', 'DROP' => 'บล็อค', 'TCP' => 'TCP', @@ -400,12 +401,12 @@ $LANG['th'] = array( 'VESTA' => 'VESTA', 'Add one more Name Server' => 'เพิ่ม Name Server อีก', - 'web domain' => 'web domain', - 'dns domain' => 'dns domain', - 'dns record' => 'dns record', - 'mail domain' => 'mail domain', + 'web domain' => 'โดเมนสำหรับเว็บ', + 'dns domain' => 'โดเมนสำหรบ dns', + 'dns record' => 'รายการ dns', + 'mail domain' => 'โดเมนสำหรับเมล', 'mail account' => 'บัญชีเมล์', - 'cron job' => 'cron job', + 'cron job' => 'งาน cron', 'cron' => 'cron', 'user dir' => 'ไดเร็กทอรี่ของผู้ใช้', @@ -415,91 +416,91 @@ $LANG['th'] = array( '%s accounts' => '%s บัญชี', '1 domain' => '1 โดเมน', '%s domains' => '%s โดเมน', - '1 record' => '1 record', - '%s records' => '%s records', - '1 mail account' => '1 บัญชีเมล์', - '%s mail accounts' => '%s บัญชีเมล์', + '1 record' => '1 รายการ', + '%s records' => '%s รายการ', + '1 mail account' => '1 บัญชีเมล', + '%s mail accounts' => '%s บัญชีเมล', '1 database' => '1 ฐานข้อมูล', '%s databases' => '%s ฐานข้อมูล', - '1 cron job' => '1 cron job', - '%s cron jobs' => '%s cron jobs', - '1 archive' => '1 เก็บถาวร', - '%s archives' => '%s เก็บถาวร', + '1 cron job' => '1 งาน cron', + '%s cron jobs' => '%s งาน cron', + '1 archive' => '1 ข้อมูลสำรอง', + '%s archives' => '%s ข้อมูลสำรอง', '1 item' => '1 รายการ', '%s items' => '%s รายการ', '1 package' => '1 แพ็กเกจ', - '%s packages' => '%s packages', - '1 IP address' => '1 IP address', - '%s IP addresses' => '%s IP addresses', + '%s packages' => '%s แพ็กเกจ', + '1 IP address' => '1 ที่อยู่ IP', + '%s IP addresses' => '%s ที่อยู่ IP', '1 month' => '1 เดือน', '%s months' => '%s เดือน', - '1 log record' => '1 log record', - '%s log records' => '%s log record', + '1 log record' => '1 บันทึกเหตุการณ์', + '%s log records' => '%s บันทึกเหตุการณ์', '1 object' => '1 วัตถุ', '%s objects' => '%s วัตถุ', 'no exclusions' => 'ไม่มีการยกเว้น', - '1 rule' => '1 rule', - '%s rules' => '%s rules', + '1 rule' => '1 กฎ', + '%s rules' => '%s กฎ', 'There are no currently banned IP' => 'ไม่มี IP ที่ถูกแบน', - 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s สำเร็จแล้ว', - 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดนเมน %s สำเร็จแล้ว', - 'DNS_DOMAIN_CREATED_OK' => 'สร้าง DNS domain %s สำเร็จแล้ว', - 'DNS_RECORD_CREATED_OK' => 'สร้าง Record %s.%s ได้ถูกสร้างสำเร็จแล้ว', - 'MAIL_DOMAIN_CREATED_OK' => 'สร้าง Mail domain %s สำเร็จแล้ว', - 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล์ %s@%s สำเร็จแล้ว', - 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s สำเร็จแล้ว', - 'CRON_CREATED_OK' => 'สร้าง Cron job ได้ถูกสร้างแล้ว', - 'IP_CREATED_OK' => 'สร้าง IP address %s สำเร็จแล้ว', - 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s สำเร็จแล้ว', - 'SSL_GENERATED_OK' => 'สร้างใบรับรองสำเร็จแล้ว', - 'RULE_CREATED_OK' => 'สร้าง Rule สำเร็จแล้ว', - 'BANLIST_CREATED_OK' => 'สร้าง IP address สำเร็จแล้ว', + 'USER_CREATED_OK' => 'สร้างผู้ใช้ %s แล้ว', + 'WEB_DOMAIN_CREATED_OK' => 'สร้างโดเมน %s แล้ว', + 'DNS_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับ DNS %s แล้ว', + 'DNS_RECORD_CREATED_OK' => 'สร้างรายการ %s.%s แล้ว', + 'MAIL_DOMAIN_CREATED_OK' => 'สร้างโดเมนสำหรับเมล %s แล้ว', + 'MAIL_ACCOUNT_CREATED_OK' => 'สร้างบัญชีเมล %s@%s แล้ว', + 'DATABASE_CREATED_OK' => 'สร้างฐานข้อมูล %s แล้ว', + 'CRON_CREATED_OK' => 'สร้างงาน Cron แล้ว', + 'IP_CREATED_OK' => 'สร้างที่อยู่ IP %s แล้ว', + 'PACKAGE_CREATED_OK' => 'สร้างแพ็กเกจ %s แล้ว', + 'SSL_GENERATED_OK' => 'สร้าง SSL Certificate แล้ว', + 'RULE_CREATED_OK' => 'สร้างกฎแล้ว', + 'BANLIST_CREATED_OK' => 'สร้างรายการแบนหมายเลข IP แล้ว', 'Autoupdate has been successfully enabled' => 'เปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', 'Autoupdate has been successfully disabled' => 'ปิดใช้งานการอัพเดทอัตโนมัติสำเร็จแล้ว', - 'Cronjob email reporting has been successfully enabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการเปิดใช้งานเรียบร้อยแล้ว', - 'Cronjob email reporting has been successfully disabled' => 'การรายงานทางอีเมลของ Cronjob ได้รับการปิดใช้งานเรียบร้อยแล้ว', + 'Cronjob email reporting has been successfully enabled' => 'เปิดการรายงานทางอีเมลของ Cronjob แล้ว', + 'Cronjob email reporting has been successfully disabled' => 'ปิดการรายงานทางอีเมลของ Cronjob แล้ว', 'Changes has been saved.' => 'บันทึกการเปลี่ยนแปลงแล้ว', 'Confirmation' => 'การยืนยัน', - 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s?', - 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s?', - 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s?', - 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s?', - 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ Record %s?', - 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ Record %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน Record %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล์ %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล์ %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล์ %s?', - 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s?', - 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ cron job?', - 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ cron job?', - 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron job?', - 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น?', - 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s?', - 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ IP address %s?', - 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ rule #%s?', - 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับ rule #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน rule #%s?', - 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้?', - 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s?', + 'DELETE_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบผู้ใช้ %s', + 'SUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับผู้ใช้ %s', + 'UNSUSPEND_USER_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานผู้ใช้ %s', + 'DELETE_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบโดเมน %s', + 'SUSPEND_DOMAIN_CONFIRMATION' => 'แน่ใจหรือไม่ว่าคุณต้องการ ระงับโดเมน %s', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานโดเมน %s', + 'DELETE_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบรายการ %s', + 'SUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับรายการ %s', + 'UNSUSPEND_RECORD_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานรายการ %s', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือว่าต้องการ ลบเมล %s', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับเมล %s', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานเมล %s', + 'DELETE_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบฐานข้อมูล %s', + 'SUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับฐานข้อมูล %s', + 'UNSUSPEND_DATABASE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานฐานข้อมูล %s', + 'DELETE_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบงาน cron', + 'SUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับงาน cron', + 'UNSUSPEND_CRON_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งาน cron', + 'DELETE_BACKUP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบการสำรองข้อมูล %s', + 'DELETE_EXCLUSION_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบ %s ในการยกเว้น', + 'DELETE_PACKAGE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบแพ็กเกจ %s', + 'DELETE_IP_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบที่อยู่ IP %s', + 'DELETE_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ลบกฎ #%s', + 'SUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ ระงับกฎ #%s', + 'UNSUSPEND_RULE_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการ เปิดการใช้งานกฎ #%s', + 'LEAVE_PAGE_CONFIRMATION' => 'ออกจากหน้านี้', + 'RESTART_CONFIRMATION' => 'คุณแน่ใจหรือไม่ว่าต้องการเริ่มต้นใหม่ %s', 'Welcome' => 'ยินดีต้อนรับ', 'LOGGED_IN_AS' => 'เข้าสู่ระบบในฐานะผู้ใช้ %s', 'Error' => 'เกิดข้อผิดพลาด', 'Invalid username or password' => 'ชื่อผู้ใช้หรือรหัสผ่านไม่ถูกต้อง', 'Invalid username or code' => 'ชื่อผู้ใช้หรือรหัสไม่ถูกต้อง', 'Passwords not match' => 'รหัสผ่านทั้งสองไม่ตรงกัน', - 'Please enter valid email address.' => 'กรุณาใส่เมล์ที่ถูกต้อง', + 'Please enter valid email address.' => 'กรุณาใส่เมลที่ถูกต้อง', 'Field "%s" can not be blank.' => 'ช่อง "%s" ไม่สามารถเว้นว่างไว้', 'Password is too short.' => 'รหัสผ่านสั้นเกินไป (ต่ำสุด 6 ตัวอักษร)', 'Error code:' => 'รหัสข้อผิดพลาด: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ล้มเหลว', - 'IP address is in use' => 'IP address กำลังใช้งานอยู่', + 'IP address is in use' => 'ที่อยู่ IP ถูกใช้งานอยู่', 'BACKUP_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับอีเมลแจ้งเตือนเมื่อการสำรองข้อมูลของคุณพร้อมสำหรับการดาวน์โหลด', 'BACKUP_EXISTS' => 'มีการสำรองข้อมูลอยู่ โปรดรอให้การสำรองข้อมูลในปัจจุบันเสร็จสิ้น', 'RESTORE_SCHEDULED' => 'มีการเพิ่มงานลงในคิวแล้ว คุณจะได้รับการแจ้งเตือนทางอีเมลเมื่อการคืนค่าเสร็จสิ้น', @@ -521,7 +522,7 @@ $LANG['th'] = array( 'FTP login credentials' => 'ข้อมูลการเข้าสู่ระบบ FTP', 'FTP_ACCOUNT_READY' => "มีการสร้างบัญชี FTP และพร้อมใช้งานแล้ว\n\nโฮสต์: %s\nชื่อผู้ใช้: %s_%s\nรหัสผ่าน: %s\n\n--\nVesta Control Panel\n", - 'Database Credentials' => 'ข้อมูลของฐานข้อมูล', + 'Database Credentials' => 'ข้อมูลการใช้งานฐานข้อมูล', 'DATABASE_READY' => "สร้างฐานข้อมูลเรียบร้อยแล้ว\n\nDatabase: %s\nชื่อ: %s\nรหัสผ่าน: %s\n%s\n\n--\nVesta Control Panel\n", 'forgot password' => 'ลืมรหัสผ่าน', @@ -530,7 +531,7 @@ $LANG['th'] = array( 'Confirm Password' => 'ยืนยันรหัสผ่าน', 'Reset' => 'รีเซ็ต', 'Reset Code' => 'รหัสสำหรับรีเซ็ต', - 'RESET_NOTICE' => '', + 'RESET_NOTICE' => 'แจ้งการ', 'RESET_CODE_SENT' => 'รหัสสำหรับรีเซ็ตรหัสผ่านถูกส่งไปยังที่อยู่อีเมลของคุณแล้ว
', 'MAIL_RESET_SUBJECT' => 'ตั้งค่ารหัสผ่านใหม่ที่ %s', 'PASSWORD_RESET_REQUEST' => "หากต้องการรีเซ็ตรหัสผ่านของแผงควบคุมโปรดไปที่ลิงก์นี้:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nAlternatively, คุณอาจจะไปที่ https://%s/reset/?action=code&user=%s และใส่รหัสรีเซ็ตดังต่อไปนี้:\n%s\n\nหากคุณไม่ได้ขอรหัสผ่านใหม่โปรดละเว้นข้อความนี้และยอมรับคำขอโทษของเรา\n\n--\nVesta Control Panel\n", @@ -548,41 +549,41 @@ $LANG['th'] = array( 'Nov' => 'พ.ย.', 'Dec' => 'ธ.ค.', - 'Configuring Server' => 'การกำหนดค่าเซิฟเวอร์', + 'Configuring Server' => 'การกำหนดค่าเซิร์ฟเวอร์', 'Hostname' => 'Hostname', 'Time Zone' => 'เขตเวลา', 'Default Language' => 'ภาษาเริ่มต้น', - 'Proxy Server' => 'Proxy Server', - 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', - 'DNS Server' => 'DNS Server', + 'Proxy Server' => 'เซิร์ฟเวอร์ Proxy', + 'Web Server' => 'เซิร์ฟเวอร์เว็บ', + 'Backend Server' => 'เซิร์ฟเวอร์ Backend', + 'Backend Pool Mode' => 'โหมด Backend Pool', + 'DNS Server' => 'เซิร์ฟเวอร์ DNS', 'DNS Cluster' => 'DNS Cluster', - 'MAIL Server' => 'MAIL Server', - 'Antivirus' => 'Antivirus', - 'AntiSpam' => 'AntiSpam', + 'MAIL Server' => 'เซิร์ฟเวอร์เมล', + 'Antivirus' => 'ป้องกันไวรัส', + 'AntiSpam' => 'ป้องกันเมลขยะ', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'สนับสนุน MySQL', - 'phpMyAdmin URL' => 'ที่อยู่ของ phpMyAdmin', + 'phpMyAdmin URL' => 'phpMyAdmin URL', 'PostgreSQL Support' => 'สนับสนุน PostgreSQL', - 'phpPgAdmin URL' => 'ที่อยู่ของ phpPgAdmin', + 'phpPgAdmin URL' => 'phpPgAdmin URL', 'Maximum Number Of Databases' => 'จำนวนฐานข้อมูลสูงสุด', 'Current Number Of Databases' => 'จำนวนฐานข้อมูลปัจจุบัน', - 'Local backup' => 'สำรองข้อมูลท้องถิ่น', + 'Local backup' => 'สำรองข้อมูลภายใน', 'Compression level' => 'ระดับการบีบอัด', 'Directory' => 'ไดเร็กทอรี่', - 'Remote backup' => 'การสำรองข้อมูลระยะไกล', + 'Remote backup' => 'การสำรองข้อมูลภายนอก', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', + 'FileSystem Disk Quota' => 'โควต้าการเก็บข้อมูลในระบบ', 'Vesta Control Panel Plugins' => 'ปลั๊กอิน Vesta Control Panel', 'preview' => 'ดูตัวอย่าง', 'Reseller Role' => 'บทบาท Reseller', 'Web Config Editor' => 'เครื่องมือแก้ไขการตั้งค่าเว็บ', 'Template Manager' => 'ตัวจัดการ Template', 'Backup Migration Manager' => 'ตัวจัดการการย้ายข้อมูลสำรอง', - 'FileManager' => 'FileManager', + 'FileManager' => 'ตัวจัดการไฟล์', 'show: CPU / MEM / NET / DISK' => 'แสดง: CPU / MEM / NET / DISK', 'sort by' => 'จัดเรียงโดย', @@ -592,7 +593,7 @@ $LANG['th'] = array( 'save to favorites' => 'บันทึกในรายการโปรด', - 'File Manager' => 'File Manager', + 'File Manager' => 'ตัวจัดการไฟล์', 'size' => 'ขนาด', 'date' => 'วันที่', 'name' => 'ชื่อ', @@ -608,8 +609,8 @@ $LANG['th'] = array( 'ARCHIVE' => 'เก็บถาวร', 'EXTRACT' => 'แตกไฟล์', 'DOWNLOAD' => 'ดาวน์โหลด', - 'Are you sure?' => 'คุณแน่ใจ?', - 'Hit' => 'Hit', + 'Are you sure?' => 'คุณแน่ใจหรือไม่', + 'Hit' => 'จำนวนการเข้าถึง', 'to reload the page' => 'เพื่อโหลดหน้าเว็บใหม่', 'Directory name cannot be empty' => 'ชื่อไดเร็กทอรี่ต้องไม่ว่างเปล่า', 'File name cannot be empty' => 'ชื่อไฟล์ต้องไม่ว่างเปล่า', @@ -629,7 +630,7 @@ $LANG['th'] = array( 'Extract' => 'แตกไฟล์', 'Create' => 'สร้าง', 'Compress' => 'บีบอัด', - 'OK' => 'โอเค', + 'OK' => 'ตกลง', 'YOU ARE COPYING' => 'คุณกำลังคัดลอก', 'YOU ARE REMOVING' => 'คุณกำลังลบ', 'Delete items' => 'ลบรายการ', @@ -667,7 +668,7 @@ $LANG['th'] = array( 'Go to CRON list' => 'ไปที่รายการ CRON', 'Go to BACKUP list' => 'ไปที่รายการ สำรองข้อมูล', 'Focus on search' => 'มุ่งเน้นการค้นหา', - 'Display/Close shortcuts' => 'แสดง/ปิด shortcuts', + 'Display/Close shortcuts' => 'แสดง/ปิดทางลัด', 'Move backward through top menu' => 'เลื่อนกลับไปที่เมนูด้านบน', 'Move forward through top menu' => 'เลื่อนไปข้างหน้าผ่านเมนูด้านบน', 'Enter focused element' => 'ใส่องค์ประกอบที่เน้น', @@ -696,7 +697,7 @@ $LANG['th'] = array( 'Add File to the Current Selection' => 'เพิ่มไฟล์ในการเลือกปัจจุบัน', 'Select All Files' => 'เลือกไฟล์ทั้งหมด', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'shortcuts are inspired by magnificent GNU Midnight Commander file manager', + 'ทางลัดต่างๆ ได้แรงบันดาลใจจากตัวจัดการไฟล์ magnificent GNU Midnight Commander', 'Licence Key' => 'License Key', 'Enter License Key' => 'กรอก License Key', @@ -705,7 +706,7 @@ $LANG['th'] = array( 'Disable and Cancel License' => 'ปิดการใช้งาน และยกเลิก License', 'Licence Activated' => 'เปิดใช้งาน License แล้ว', 'Licence Deactivated' => 'ปิดการใช้งาน License แล้ว', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่บ้านเท่านั้น', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'จำกัดผู้ใช้เพื่อไม่ให้ใช้ SSH และเข้าถึงไดเร็กทอรี่ของตนเองเท่านั้น', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'เรียกดู, คัดลอก, แก้ไข, ดู, และเรียกค้นหาไฟล์โดเมนทั้งหมดของเว็บโดยใช้ตัวจัดการไฟล์ที่มีคุณลักษณะครบถ้วน', 'This is a commercial module, you would need to purchace license key to enable it.' => 'สิ่งนี้ไม่ใช่โมดูลฟรี, คุณจะต้องซื้อ License Key เพื่อเปิดใช้งาน', @@ -746,14 +747,14 @@ $LANG['th'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'ใช้ server hostname', - 'Use domain hostname' => 'ใช้ domain hostname', + 'Use server hostname' => 'ใช้ hostname ของเซิร์ฟเวอร์', + 'Use domain hostname' => 'ใช้ hostname ของโดเมน', 'Use STARTTLS' => 'ใช้ STARTTLS', 'Use SSL / TLS' => 'ใช้ SSL / TLS', - 'No encryption' => 'ไม่มี encryption', - 'Do not use encryption' => 'ไม่ใช้ encryption', + 'No encryption' => 'ไม่มีการเข้ารหัส', + 'Do not use encryption' => 'ไม่ใช้การเข้ารหัส', 'maximum characters length, including prefix' => 'ความยาว charset สูงสุด %s ตัว, รวมถึงคำนำหน้า', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'ข้อมูลการใช้อีเมล', ); From 0e484587a84c74293aa02779f85934f22a575ea2 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 9 Aug 2018 17:42:47 +0300 Subject: [PATCH 066/140] Added back policy.d block for daeomon autostart on install --- install/vst-install-ubuntu.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index a17517e3..bb74295b 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -626,15 +626,15 @@ fi # Updating system apt-get update -# Disabling daemon autostart /usr/share/doc/sysv-rc/README.policy-rc.d.gz -#echo -e '#!/bin/sh \nexit 101' > /usr/sbin/policy-rc.d -#chmod a+x /usr/sbin/policy-rc.d +# Disabling daemon autostart on apt-get install +echo -e '#!/bin/sh\nexit 101' > /usr/sbin/policy-rc.d +chmod a+x /usr/sbin/policy-rc.d # Installing apt packages apt-get -y install $software check_result $? "apt-get install failed" -# Restoring policy +# Restoring autostart policy rm -f /usr/sbin/policy-rc.d @@ -912,7 +912,7 @@ if [ -z "$ZONE" ]; then ZONE='UTC' fi for pconf in $(find /etc/php* -name php.ini); do - sed -i "s/;date.timezone =/date.timezone = $ZONE/g" $pconf + sed -i "s%;date.timezone =%date.timezone = $ZONE%g" $pconf sed -i 's%_open_tag = Off%_open_tag = On%g' $pconf done @@ -1129,8 +1129,8 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then fi cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ - chmod 640 /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/debian-db* + chown root:www-data /etc/roundcube/debian-db* cp -f $vestacp/roundcube/vesta.php \ /usr/share/roundcube/plugins/password/drivers/ cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ From 563a9d8b10243f5627f14ced6060867548b57380 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 12 Aug 2018 03:17:01 +0200 Subject: [PATCH 067/140] Avoid blocking v-backup-user because of already dumped db Well, in one db.conf I found duplicated entry for the same database. root@btvc:~# cat /usr/local/vesta/data/users/btvc2011/db.conf DB='btvc2011_cart' DBUSER='btvc2011_9091dn' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='1' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_admin' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_david' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_djn' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_jd' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' DB='btvc2011_cart' DBUSER='btvc2011_oscar' MD5='*' HOST='localhost' TYPE='mysql' CHARSET='UTF8' U_DISK='0' SUSPENDED='no' TIME='' DATE='' Obviously different users has access to the same database. I know that this is impossible to create in Vesta. But @Skamasle thirt-party script for importing cPanels backup obviously CAN do that... and many people use that cPanel importer. This fix will avoid databases that are already dumped. Without this fix backup script get stuck on stdin waiting for: gzip: /backup/tmp.4YlV9Yr4m5/db/btvc2011_cart/btvc2011_cart.mysql.sql.gz already exists; do you wish to overwrite (y or n)? --- bin/v-backup-user | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index bc57cafc..b9fa8420 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -393,13 +393,15 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then dump="$tmpdir/db/$database/$database.$TYPE.sql" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" - case $TYPE in - mysql) dump_mysql_database ;; - pgsql) dump_pgsql_database ;; - esac + if [ ! -f "$dump" ]; then + case $TYPE in + mysql) dump_mysql_database ;; + pgsql) dump_pgsql_database ;; + esac - # Compress dump - gzip -$BACKUP_GZIP $dump + # Compress dump + gzip -$BACKUP_GZIP $dump + fi done # Print total From df7cccac4cc1d1f7fc3aef1b4524c18d9666f00f Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 12 Aug 2018 04:25:18 +0200 Subject: [PATCH 068/140] Little fix for previous commit see https://github.com/serghey-rodin/vesta/commit/563a9d8b10243f5627f14ced6060867548b57380 --- bin/v-backup-user | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index b9fa8420..f9569aa4 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -392,8 +392,9 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB" != '*' ]; then grep "DB='$database'" $conf > vesta/db.conf dump="$tmpdir/db/$database/$database.$TYPE.sql" + dumpgz="$tmpdir/db/$database/$database.$TYPE.sql.gz" grants="$tmpdir/db/$database/conf/$database.$TYPE.$DBUSER" - if [ ! -f "$dump" ]; then + if [ ! -f "$dumpgz" ]; then case $TYPE in mysql) dump_mysql_database ;; pgsql) dump_pgsql_database ;; From d2764a6481a08d7aabdadc30f0ee9c08d5ec6c65 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Fri, 31 Aug 2018 15:35:21 +0000 Subject: [PATCH 069/140] Missing function: is_format_valid_shell --- func/main.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/func/main.sh b/func/main.sh index be626702..e78e6edf 100644 --- a/func/main.sh +++ b/func/main.sh @@ -805,7 +805,16 @@ is_password_format_valid() { check_result $E_INVALID "invalid password format :: $1" fi } - +# Missing function - +# Before: validate_format_shell +# After: is_format_valid_shell +is_format_valid_shell() { + if [ -z "$(grep -w $1 /etc/shells)" ]; then + echo "Error: shell $1 is not valid" + log_event "$E_INVALID" "$EVENT" + exit $E_INVALID + fi +} # Format validation controller is_format_valid() { for arg_name in $*; do @@ -872,7 +881,9 @@ is_format_valid() { restart) is_boolean_format_valid "$arg" 'restart' ;; rtype) is_dns_type_format_valid "$arg" ;; rule) is_int_format_valid "$arg" "rule id" ;; - soa) is_domain_format_valid "$arg" 'SOA' ;; + soa) is_domain_format_valid "$arg" 'SOA' ;; + #missing command: is_format_valid_shell + shell) is_format_valid_shell "$arg" ;; stats_pass) is_password_format_valid "$arg" ;; stats_user) is_user_format_valid "$arg" "$arg_name" ;; template) is_object_format_valid "$arg" "$arg_name" ;; From 1ba6d24189a463cf6577184ea118c6e2c914564d Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Fri, 31 Aug 2018 15:49:32 +0000 Subject: [PATCH 070/140] Typo in function name --- bin/v-add-user-package | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 23f42725..0cab1a3d 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -30,37 +30,37 @@ is_package_new() { is_package_consistent() { source $pkg_dir/$package.pkg if [ "$WEB_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $WEB_DOMAINS 'WEB_DOMAINS' + is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi if [ "$WEB_ALIASES" != 'unlimited' ]; then - is_format_valid_int $WEB_ALIASES 'WEB_ALIASES' + is_int_format_valid $WEB_ALIASES 'WEB_ALIASES' fi if [ "$DNS_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $DNS_DOMAINS 'DNS_DOMAINS' + is_int_format_valid $DNS_DOMAINS 'DNS_DOMAINS' fi if [ "$DNS_RECORDS" != 'unlimited' ]; then - is_format_valid_int $DNS_RECORDS 'DNS_RECORDS' + is_int_format_valid $DNS_RECORDS 'DNS_RECORDS' fi if [ "$MAIL_DOMAINS" != 'unlimited' ]; then - is_format_valid_int $MAIL_DOMAINS 'MAIL_DOMAINS' + is_int_format_valid $MAIL_DOMAINS 'MAIL_DOMAINS' fi if [ "$MAIL_ACCOUNTS" != 'unlimited' ]; then - is_format_valid_int $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' + is_int_format_valid $MAIL_ACCOUNTS 'MAIL_ACCOUNTS' fi if [ "$DATABASES" != 'unlimited' ]; then - is_format_valid_int $DATABASES 'DATABASES' + is_int_format_valid $DATABASES 'DATABASES' fi if [ "$CRON_JOBS" != 'unlimited' ]; then - is_format_valid_int $CRON_JOBS 'CRON_JOBS' + is_int_format_valid $CRON_JOBS 'CRON_JOBS' fi if [ "$DISK_QUOTA" != 'unlimited' ]; then - is_format_valid_int $DISK_QUOTA 'DISK_QUOTA' + is_int_format_valid $DISK_QUOTA 'DISK_QUOTA' fi if [ "$BANDWIDTH" != 'unlimited' ]; then - is_format_valid_int $BANDWIDTH 'BANDWIDTH' + is_int_format_valid $BANDWIDTH 'BANDWIDTH' fi if [ "$BACKUPS" != 'unlimited' ]; then - is_format_valid_int $BACKUPS 'BACKUPS' + is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL } From d6c79c7d7ee3b5cbc04b235798af9e6d1a7a62f5 Mon Sep 17 00:00:00 2001 From: Dmitry Bannik Date: Mon, 3 Sep 2018 21:55:46 +0300 Subject: [PATCH 071/140] bugfix nginx templates --- install/ubuntu/12.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/12.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/12.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/12.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/13.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/13.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/13.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/13.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/14.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/14.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/14.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/14.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/15.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/15.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/15.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/15.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/16.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/16.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/16.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/16.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/17.04/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/17.04/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/17.10/templates/web/nginx/http2.stpl | 6 +++--- install/ubuntu/17.10/templates/web/nginx/http2.tpl | 6 +++--- install/ubuntu/18.04/templates/web/nginx/caching.stpl | 3 +-- install/ubuntu/18.04/templates/web/nginx/default.stpl | 3 +-- install/ubuntu/18.04/templates/web/nginx/hosting.stpl | 3 +-- install/ubuntu/18.04/templates/web/nginx/http2.stpl | 9 ++++----- install/ubuntu/18.04/templates/web/nginx/http2.tpl | 6 +++--- .../templates/web/nginx/php-fpm/cms_made_simple.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/codeigniter2.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/codeigniter3.stpl | 3 +-- .../templates/web/nginx/php-fpm/datalife_engine.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/default.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/dokuwiki.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/drupal6.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/drupal7.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/drupal8.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/laravel.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/magento.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/opencart.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/owncloud.stpl | 3 +-- .../ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/pyrocms.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/wordpress.stpl | 3 +-- .../18.04/templates/web/nginx/php-fpm/wordpress2.stpl | 3 +-- .../templates/web/nginx/php-fpm/wordpress2_rewrite.stpl | 3 +-- 52 files changed, 105 insertions(+), 132 deletions(-) diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.stpl b/install/ubuntu/12.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.tpl b/install/ubuntu/12.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.stpl b/install/ubuntu/12.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.tpl b/install/ubuntu/12.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.stpl b/install/ubuntu/13.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.tpl b/install/ubuntu/13.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.stpl b/install/ubuntu/13.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.tpl b/install/ubuntu/13.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.stpl b/install/ubuntu/14.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.tpl b/install/ubuntu/14.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.stpl b/install/ubuntu/14.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.tpl b/install/ubuntu/14.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.stpl b/install/ubuntu/15.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.tpl b/install/ubuntu/15.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.stpl b/install/ubuntu/15.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.tpl b/install/ubuntu/15.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.stpl b/install/ubuntu/16.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.tpl b/install/ubuntu/16.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.stpl b/install/ubuntu/16.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.tpl b/install/ubuntu/16.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.stpl b/install/ubuntu/17.04/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/17.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.tpl b/install/ubuntu/17.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/17.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.stpl b/install/ubuntu/17.10/templates/web/nginx/http2.stpl index 76dd2f8e..72e72a90 100644 --- a/install/ubuntu/17.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/http2.stpl @@ -4,14 +4,14 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.tpl b/install/ubuntu/17.10/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/17.10/templates/web/nginx/http2.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/18.04/templates/web/nginx/caching.stpl b/install/ubuntu/18.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/18.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/18.04/templates/web/nginx/default.stpl b/install/ubuntu/18.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/18.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl index d778d633..1ef8994b 100755 --- a/install/ubuntu/18.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.stpl b/install/ubuntu/18.04/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/ubuntu/18.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/18.04/templates/web/nginx/http2.tpl b/install/ubuntu/18.04/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/ubuntu/18.04/templates/web/nginx/http2.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl index d85bcce3..003e9180 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl index 9c24c3ea..51f1f408 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl index d7186314..e8dd8bf6 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl index 4f0b9ec7..96495ee8 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl index 5cb55311..38de83d2 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/default.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl index f85032ba..c9387bfb 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..93f8c55a 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..917c0c80 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..917c0c80 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl index 704405f3..886b586e 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/joomla.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl index 477f6f01..8e6e8774 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/laravel.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%/public; index index.php index.html index.htm; @@ -8,7 +8,6 @@ server { error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl index fdab43aa..5d05ea72 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/magento.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%/pub; @@ -9,7 +9,6 @@ server { error_page 404 403 = /errors/404.php; add_header "X-UA-Compatible" "IE=Edge"; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl index f410ab77..23ce8eb8 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/modx.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; # if you need to rewrite www to non-www uncomment bellow diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl index f15a68c5..10629c65 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/moodle.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl index bc8b53a3..7b3aff96 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/no-php.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl index d6697d7a..223eb97a 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/odoo.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl index 908b9aeb..5b6e55e8 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/opencart.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl index 891566b9..b43fdc75 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/owncloud.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl index 78c1bb78..0a4a412f 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/piwik.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl index 5ffc9ed5..c9f91854 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/pyrocms.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%/public; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl index 5cb55311..38de83d2 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl index e0aeb524..39cce361 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %sdocroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..264ca01a 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,5 +1,5 @@ server { - listen %ip%:%web_ssl_port%; + listen %ip%:%web_ssl_port% ssl; server_name %domain_idn% %alias_idn%; root %docroot%; index index.php index.html index.htm; @@ -7,7 +7,6 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; From e7daba868b7c40e813b7a1eeae805d35d3880fad Mon Sep 17 00:00:00 2001 From: Seia Soto Date: Sat, 8 Sep 2018 23:23:03 +0900 Subject: [PATCH 072/140] Update translations --- web/inc/i18n/ko.php | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index a81db461..a032f265 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -26,11 +26,11 @@ $LANG['ko'] = array( 'BACKUP' => '백업', 'LOGIN' => '로그인', - 'RESET PASSWORD' => '비밀번호 초기화', + 'RESET PASSWORD' => '비밀번호 재설정', 'SEARCH' => '검색', 'PACKAGE' => '패키지', 'RRD' => 'RRD', - 'STATS' => 'STATS', + 'STATS' => '상태정보', 'LOG' => '기록', 'UPDATES' => '업데이트', 'FIREWALL' => '방화벽', @@ -139,7 +139,7 @@ $LANG['ko'] = array( 'Editing Firewall Rule' => '방화벽 규칙 편집', 'Adding IP Address to Banlist' => 'IP 주소를 차단 목록에 추가', - 'active' => '활성', + 'active' => '활성화됨', 'spnd' => '정지됨', 'suspended' => '정지됨', 'running' => '작동중', @@ -192,10 +192,10 @@ $LANG['ko'] = array( 'backup exclusions' => '백업 예외', 'template' => '템플릿', 'SSL Support' => 'SSL 지원', - 'SSL Home Directory' => 'SSL 홈', + 'SSL Home Directory' => 'SSL 홈 디렉토리', 'Lets Encrypt Support' => 'Lets Encrypt 지원', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급됩니다', + 'Your certificate will be automatically issued in 5 minutes' => '인증서는 5분 안에 자동으로 발급될 것입니다', 'Proxy Support' => '프록시 지원', 'Proxy Extensions' => '프록시 확장', 'Web Statistics' => '웹 통계', @@ -249,8 +249,8 @@ $LANG['ko'] = array( 'APACHE2 Usage' => 'APACHE2 사용', 'HTTPD Usage' => 'HTTPD 사용', 'NGINX Usage' => 'NGINX 사용', - 'MySQL Usage on localhost' => 'localhost에서의 MySQL 사용', - 'PostgreSQL Usage on localhost' => 'localhost에서의 PostgreSQL 사용', + 'MySQL Usage on localhost' => 'localhost에서 MySQL 사용', + 'PostgreSQL Usage on localhost' => 'localhost에서 PostgreSQL 사용', 'Bandwidth Usage eth0' => 'eth0 대역폭 사용', 'Bandwidth Usage eth1' => 'eth1 대역폭 사용', 'Exim Usage' => 'Exim 사용', @@ -267,7 +267,7 @@ $LANG['ko'] = array( 'ftp server' => 'FTP 서버', 'job scheduler' => '스케줄러 ', 'firewall' => '방화벽', - 'brute-force monitor' => '무차별 공격 모니터', + 'brute-force monitor' => '무차별 대입 공격 모니터', 'CPU' => 'CPU', 'Memory' => '메모리', 'Uptime' => '가동 시간', @@ -285,7 +285,7 @@ $LANG['ko'] = array( 'Language' => '언어', 'First Name' => '이름', 'Last Name' => '성', - 'Send login credentials to email address' => '이메일 주소로 로그인 정보를 보내기', + 'Send login credentials to email address' => '이메일 주소로 로그인 정보 전송', 'Default Template' => '기본 템플릿', 'Default Name Servers' => '기본 네임 서버', 'Domain' => '도메인', @@ -322,7 +322,7 @@ $LANG['ko'] = array( 'Minute' => '분', 'Command' => '명령어', 'Package Name' => '패키지 이름', - 'Netmask' => '넷마크', + 'Netmask' => '넷마스크', 'Interface' => '인터페이스', 'Shared' => '공유된', 'Assigned user' => '부여 된 사용자', @@ -356,7 +356,7 @@ $LANG['ko'] = array( 'IP address' => 'IP 주소', 'netmask' => '넷마스크', 'interface' => '인터페이스', - 'assigned user' => '부여 된 사용자', + 'assigned user' => '부여된 사용자', 'ns1' => 'NS1', 'ns2' => 'NS2', 'user' => '사용자', @@ -386,7 +386,7 @@ $LANG['ko'] = array( 'Port' => '포트', 'Comment' => '댓글', 'Banlist' => '차단 목록', - 'ranges are acceptable' => '허용 가능한 범위', + 'ranges are acceptable' => '허용할 수 있는 범위', 'CIDR format is supported' => 'CIDR 형식이 지원됩니다', 'ACCEPT' => '허용', 'DROP' => '드롭', @@ -474,18 +474,18 @@ $LANG['ko'] = array( 'DELETE_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 삭제 하시겠습니까?', 'SUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스를 정지 시키시겠습니까?', 'UNSUSPEND_DATABASE_CONFIRMATION' => '정말로 %s 데이터베이스의 정지를 해제 하시겠습니까?', - 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시려는게 맞습니까?', - 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시려는게 맞습니까?', - 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시려는게 맞습니까?', - 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시려는게 맞습니까?', + 'DELETE_CRON_CONFIRMATION' => '정말로 Cron 작업을 삭제 하시겠습니까?', + 'SUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업을 정지 시키겠습니까?', + 'UNSUSPEND_CRON_CONFIRMATION' => '정말로 Cron 작업의 정지를 해제 하시겠습니까?', + 'DELETE_BACKUP_CONFIRMATION' => '%s 백업을 삭제 하시겠습니까?', + 'DELETE_EXCLUSION_CONFIRMATION' => '%s 예외를 삭제 하시겠습니까?', 'DELETE_PACKAGE_CONFIRMATION' => '정말로 %s 패키지를 삭제 하시겠습니까?', 'DELETE_IP_CONFIRMATION' => '정말로 %s IP 주소를 삭제 하시겠습니까?', - 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제하시려는게 맞습니까?', - 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 시키시려는게 맞습니까?', - 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 시키시려는게 맞습니까?', + 'DELETE_RULE_CONFIRMATION' => '정말로 #%s 규칙을 삭제 하시겠습니까?', + 'SUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙을 정지 하시겠습니까?', + 'UNSUSPEND_RULE_CONFIRMATION' => '정말로 #%s 규칙의 정지를 해제 하시겠습니까?', 'LEAVE_PAGE_CONFIRMATION' => '페이지를 나가시겠습니까?', - 'RESTART_CONFIRMATION' => '%s을/를 재시작 하시려는게 맞습니까?', + 'RESTART_CONFIRMATION' => '%s을(를) 재시작 하시려는게 맞습니까?', 'Welcome' => '환영합니다', 'LOGGED_IN_AS' => '%s 사용자로 로그인 됨', 'Error' => 'Error', @@ -735,7 +735,7 @@ $LANG['ko'] = array( 'webalizer' => 'Webalizer', 'awstats' => 'Awstats', - 'Vesta SSL' => 'Vesta SSL', + 'Vesta SSL' => 'Vesta 인증서', 'SUBJECT' => '주체', 'ALIASES' => '별칭', 'NOT_BEFORE' => '유효 기간(시작)', @@ -754,5 +754,5 @@ $LANG['ko'] = array( 'maximum characters length, including prefix' => '최대 길이는 접두사를 포함하여 %s자입니다.', 'Email Credentials' => '이메일 자격증명', - + ); From 7f20521c5b51a030336cd286938296eb12b7f984 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Sat, 8 Sep 2018 14:32:11 +0000 Subject: [PATCH 073/140] Enable utf8mb4 charset issue: #1698 --- web/templates/admin/add_db.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/web/templates/admin/add_db.html b/web/templates/admin/add_db.html index fb369af0..74903241 100644 --- a/web/templates/admin/add_db.html +++ b/web/templates/admin/add_db.html @@ -148,6 +148,8 @@ + + From 5bd270591cf086dde275edb0a8ea7142eef00b54 Mon Sep 17 00:00:00 2001 From: Maksim Usmanov | Maks Date: Sun, 9 Sep 2018 13:51:00 +0200 Subject: [PATCH 074/140] Fix function check_result Check_error not defined --- install/vst-install-ubuntu.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index bb74295b..c0655bb2 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -236,7 +236,7 @@ fi # Checking root permissions if [ "x$(id -u)" != 'x0' ]; then - check_error 1 "Script can be run executed only by root" + check_result 1 "Script can be run executed only by root" fi # Checking admin user account From 5420b2c95d581fe8135e37a6eba303e3b3e1885e Mon Sep 17 00:00:00 2001 From: myrevery Date: Mon, 10 Sep 2018 01:59:17 +0800 Subject: [PATCH 075/140] Update cn.php Add new keyword and refine some details. --- web/inc/i18n/cn.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index d47587db..62147871 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -175,6 +175,7 @@ $LANG['cn'] = array( 'User Directories' => '用户目录', 'Template' => '模板', 'Web Template' => 'Web模板', + 'Backend Support' => '后端支持', //New Keyword for PHP-FPM in WEB page. 'Backend Template' => '后端模板', 'Proxy Template' => '代理模板', 'DNS Template' => 'DNS模板', @@ -265,6 +266,7 @@ $LANG['cn'] = array( 'SSH Usage' => 'SSH 用量', 'reverse proxy' => '反向代理', 'web server' => 'Web服务', + 'backend server' => '后端服务', //New Keyword for PHP-FPM in SERVER page. 'dns server' => 'DNS服务', 'mail server' => '邮箱服务', 'pop/imap server' => 'POP/IMAP服务', @@ -383,9 +385,9 @@ $LANG['cn'] = array( 'ErrorLog' => '错误日志', 'Download AccessLog' => '下载访问日志', 'Download ErrorLog' => '下载错误日志', - 'Country' => '国家', - '2 letter code' => '2位国家简码如: 中国CN / 美国US', - 'State / Province' => '州 / 省', + 'Country' => '国家地区', + '2 letter code' => '采用 ISO 3166-1 二位代码如: 中国CN / 美国US', + 'State / Province' => '州 / 省级', 'City / Locality' => '市 / 地区', 'Organization' => '组织名称', 'Action' => '操作', @@ -719,10 +721,10 @@ $LANG['cn'] = array( 'Run Command' => '运行指令于', 'every month' => '每个月', 'every odd month' => '每个奇数月', - 'every even month' => '每隔 2 月', + 'every even month' => '每个偶数月', 'every day' => '每日', 'every odd day' => '每个奇数日', - 'every even day' => '每隔 2 日', + 'every even day' => '每个偶数日', 'weekdays (5 days)' => '工作日 (5天)', 'weekend (2 days)' => '双休日 (2天)', 'Monday' => '周一 ', @@ -748,7 +750,7 @@ $LANG['cn'] = array( 'NOT_BEFORE' => '有效期从', 'NOT_AFTER' => '有效期至', 'SIGNATURE' => '签名算法', - 'PUB_KEY' => '密钥位数', + 'PUB_KEY' => '公钥长度', 'ISSUER' => '颁发者', 'Use server hostname' => '采用服务器主机名', From 7b0597fc417bb83f0a378454ba1a7ad34d977621 Mon Sep 17 00:00:00 2001 From: marcos Date: Sun, 14 Oct 2018 15:28:48 +0200 Subject: [PATCH 076/140] traducciones --- web/inc/i18n/es.php | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 1f2c36dd..8cf45ddf 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -193,11 +193,11 @@ $LANG['es'] = array( 'Mail Accounts' => 'Cuentas de Correo', 'Cron Jobs' => 'Tareas Programadas', 'SSH Access' => 'Acceso SSH', - 'IP Address' => 'IP Address', - 'IP Addresses' => 'Dirección IP', + 'IP Address' => 'Dirección IP', + 'IP Addresses' => 'Direcciones IP', 'Backups' => 'Respaldos', 'Backup System' => 'Sistema de Respaldo', - 'backup exclusions' => 'respaldos excluídos', + 'backup exclusions' => 'configurar exlusiones', 'template' => 'plantilla', 'SSL Support' => 'Soportar SSL', 'SSL Home Directory' => 'Directorio local del SSL', @@ -248,8 +248,8 @@ $LANG['es'] = array( 'SYS' => 'SYS', 'Domains' => 'Dominios', 'Status' => 'Estado', - 'shared' => 'compartido', - 'dedicated' => 'dedicado', + 'shared' => 'compartida', + 'dedicated' => 'dedicada', 'Owner' => 'Dueño', 'Users' => 'Usuarios', 'Load Average' => 'Promedio de carga', @@ -332,7 +332,7 @@ $LANG['es'] = array( 'Package Name' => 'Nombre del Plan', 'Netmask' => 'Máscara de Red', 'Interface' => 'Interfaz', - 'Shared' => 'Compartido', + 'Shared' => 'Compartida', 'Assigned user' => 'Usuario asignado', 'Assigned domain' => 'Dominio asignado', 'NAT IP association' => 'Asociación NAT IP', @@ -762,4 +762,5 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', 'Email Credentials' => 'Email Credentials', + ); From a12466f5cc5cbb61b2a75e84f617adca6c1b1904 Mon Sep 17 00:00:00 2001 From: marcos Date: Sun, 14 Oct 2018 15:31:38 +0200 Subject: [PATCH 077/140] suspend_message --- web/templates/admin/list_mail.html | 2 +- web/templates/user/list_mail.html | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/web/templates/admin/list_mail.html b/web/templates/admin/list_mail.html index 02536441..6bd27cca 100644 --- a/web/templates/admin/list_mail.html +++ b/web/templates/admin/list_mail.html @@ -74,7 +74,7 @@ } else { $status = 'active'; $spnd_action = 'suspend' ; - $spnd_confirmation = 'UNSUSPEND_DOMAIN_CONFIRMATION' ; + $spnd_confirmation = 'SUSPEND_DOMAIN_CONFIRMATION' ; } if (empty($data[$key]['CATCHALL'])) { $data[$key]['CATCHALL'] = '/dev/null'; diff --git a/web/templates/user/list_mail.html b/web/templates/user/list_mail.html index 84d9a56c..40284380 100644 --- a/web/templates/user/list_mail.html +++ b/web/templates/user/list_mail.html @@ -72,7 +72,7 @@ } else { $status = 'active'; $spnd_action = 'suspend' ; - $spnd_confirmation = 'UNSUSPEND_DOMAIN_CONFIRMATION' ; + $spnd_confirmation = 'SUSPEND_DOMAIN_CONFIRMATION' ; } if (empty($data[$key]['CATCHALL'])) { $data[$key]['CATCHALL'] = '/dev/null'; From 1557f9bc8cbdb349a83bce96093b1717b36cf5cd Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 17:27:03 +0300 Subject: [PATCH 078/140] Security: separate passwords for databases --- install/vst-install-amazon.sh | 14 ++++++++------ install/vst-install-debian.sh | 12 +++++++----- install/vst-install-rhel.sh | 14 ++++++++------ install/vst-install-ubuntu.sh | 12 +++++++----- 4 files changed, 30 insertions(+), 22 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index 899d4cd8..e419d019 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -1008,8 +1008,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1031,9 +1032,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1041,7 +1043,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1272,13 +1274,13 @@ fi # Configuring MySQL host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4b5d293d..013f3160 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -985,8 +985,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1008,9 +1009,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1298,13 +1300,13 @@ fi # Configuring mysql host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring pgsql host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 1ecd2235..4a863464 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1024,8 +1024,9 @@ if [ "$mysql" = 'yes' ]; then fi # Securing MySQL installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1047,9 +1048,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) if [ $release -eq 5 ]; then service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" service postgresql stop cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start @@ -1057,7 +1059,7 @@ if [ "$postgresql" = 'yes' ]; then service postgresql initdb cp -f $vestacp/postgresql/pg_hba.conf /var/lib/pgsql/data/ service postgresql start - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" fi # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1289,13 +1291,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index c0655bb2..bfcf8919 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -977,8 +977,9 @@ if [ "$mysql" = 'yes' ]; then check_result $? "mysql start failed" # Securing MySQL/MariaDB installation - mysqladmin -u root password $vpass - echo -e "[client]\npassword='$vpass'\n" > /root/.my.cnf + mpass=$(gen_pass) + mysqladmin -u root password $mpass + echo -e "[client]\npassword='$mpass'\n" > /root/.my.cnf chmod 600 /root/.my.cnf mysql -e "DELETE FROM mysql.user WHERE User=''" mysql -e "DROP DATABASE test" >/dev/null 2>&1 @@ -1000,9 +1001,10 @@ fi #----------------------------------------------------------# if [ "$postgresql" = 'yes' ]; then + ppass=$(gen_pass) cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart - sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$vpass'" + sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then @@ -1235,13 +1237,13 @@ fi # Configuring MySQL/MariaDB host if [ "$mysql" = 'yes' ]; then - $VESTA/bin/v-add-database-host mysql localhost root $vpass + $VESTA/bin/v-add-database-host mysql localhost root $mpass $VESTA/bin/v-add-database admin default default $(gen_pass) mysql fi # Configuring PostgreSQL host if [ "$postgresql" = 'yes' ]; then - $VESTA/bin/v-add-database-host pgsql localhost postgres $vpass + $VESTA/bin/v-add-database-host pgsql localhost postgres $ppass $VESTA/bin/v-add-database admin db db $(gen_pass) pgsql fi From a1b3aa3a8432b72842fe13ee77a892d2bba2b022 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 22:06:17 +0300 Subject: [PATCH 079/140] No stats with distro name anymore --- install/vst-install-amazon.sh | 3 --- install/vst-install-debian.sh | 3 --- install/vst-install-rhel.sh | 3 --- install/vst-install-ubuntu.sh | 3 --- 4 files changed, 12 deletions(-) diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index e419d019..8dbdaa14 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -1334,9 +1334,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 013f3160..47f36142 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1361,9 +1361,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and ip host_ip=$(host $servername| head -n 1 | awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 4a863464..3aaad808 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1351,9 +1351,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername |head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index bfcf8919..4cc5ee86 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -1297,9 +1297,6 @@ $VESTA/bin/v-add-cron-vesta-autoupdate # Vesta Access Info # #----------------------------------------------------------# -# Sending install notification to vestacp.com -wget vestacp.com/notify/?$codename -O /dev/null -q - # Comparing hostname and IP host_ip=$(host $servername| head -n 1 |awk '{print $NF}') if [ "$host_ip" = "$ip" ]; then From 67a0e8d1086eb271df7e12fc67f1db482be8cb46 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 22:27:06 +0300 Subject: [PATCH 080/140] limit config visibility to /etc and /var/lib --- bin/v-open-fs-config | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/v-open-fs-config b/bin/v-open-fs-config index 6a4f54fd..720df86a 100755 --- a/bin/v-open-fs-config +++ b/bin/v-open-fs-config @@ -35,6 +35,11 @@ if [ ! -z "$src_file" ]; then echo "Error: invalid source path $src_file" exit 2 fi + spath=$(echo "$rpath" |egrep "/etc|/var/lib") + if [ -z "$spath" ]; then + echo "Error: invalid source path $src_file" + exit 2 + fi fi # Reading conf From 5f68c1b634abec2d5a4f83156bfd223d3a792f77 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 23:28:37 +0300 Subject: [PATCH 081/140] Timing attack fix from security experts https://arcturussecurity.com --- web/reset/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/reset/index.php b/web/reset/index.php index abde3c14..0d90d15d 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); $rkey = $data[$user]['RKEY']; - if ($rkey == $_POST['code']) { + if (hash_equals($rkey, $POST[‘code’])) { $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); From d880b5b4254ed3d89303227d7de4a79e8e0579a7 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 17 Oct 2018 23:58:27 +0300 Subject: [PATCH 082/140] limit sudo for admin to vesta scripts only --- install/debian/7/sudo/admin | 2 +- install/debian/8/sudo/admin | 2 +- install/debian/9/sudo/admin | 2 +- install/rhel/5/sudo/admin | 2 +- install/rhel/6/sudo/admin | 2 +- install/rhel/7/sudo/admin | 2 +- install/ubuntu/12.04/sudo/admin | 2 +- install/ubuntu/12.10/sudo/admin | 2 +- install/ubuntu/13.04/sudo/admin | 2 +- install/ubuntu/13.10/sudo/admin | 2 +- install/ubuntu/14.04/sudo/admin | 2 +- install/ubuntu/14.10/sudo/admin | 2 +- install/ubuntu/15.04/sudo/admin | 2 +- install/ubuntu/15.10/sudo/admin | 2 +- install/ubuntu/16.04/sudo/admin | 2 +- install/ubuntu/16.10/sudo/admin | 2 +- install/ubuntu/17.04/sudo/admin | 2 +- install/ubuntu/17.10/sudo/admin | 2 +- install/ubuntu/18.04/sudo/admin | 2 +- 19 files changed, 19 insertions(+), 19 deletions(-) diff --git a/install/debian/7/sudo/admin b/install/debian/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/7/sudo/admin +++ b/install/debian/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/8/sudo/admin b/install/debian/8/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/8/sudo/admin +++ b/install/debian/8/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/9/sudo/admin b/install/debian/9/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/debian/9/sudo/admin +++ b/install/debian/9/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/5/sudo/admin b/install/rhel/5/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/5/sudo/admin +++ b/install/rhel/5/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/6/sudo/admin b/install/rhel/6/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/6/sudo/admin +++ b/install/rhel/6/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/rhel/7/sudo/admin b/install/rhel/7/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/rhel/7/sudo/admin +++ b/install/rhel/7/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.04/sudo/admin b/install/ubuntu/12.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.04/sudo/admin +++ b/install/ubuntu/12.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/12.10/sudo/admin b/install/ubuntu/12.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/12.10/sudo/admin +++ b/install/ubuntu/12.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.04/sudo/admin b/install/ubuntu/13.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.04/sudo/admin +++ b/install/ubuntu/13.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/13.10/sudo/admin b/install/ubuntu/13.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/13.10/sudo/admin +++ b/install/ubuntu/13.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.04/sudo/admin b/install/ubuntu/14.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.04/sudo/admin +++ b/install/ubuntu/14.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/14.10/sudo/admin b/install/ubuntu/14.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/14.10/sudo/admin +++ b/install/ubuntu/14.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.04/sudo/admin b/install/ubuntu/15.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.04/sudo/admin +++ b/install/ubuntu/15.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/15.10/sudo/admin b/install/ubuntu/15.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/15.10/sudo/admin +++ b/install/ubuntu/15.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.04/sudo/admin b/install/ubuntu/16.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.04/sudo/admin +++ b/install/ubuntu/16.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/16.10/sudo/admin b/install/ubuntu/16.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/16.10/sudo/admin +++ b/install/ubuntu/16.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.04/sudo/admin b/install/ubuntu/17.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/17.04/sudo/admin +++ b/install/ubuntu/17.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/17.10/sudo/admin b/install/ubuntu/17.10/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/17.10/sudo/admin +++ b/install/ubuntu/17.10/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.04/sudo/admin b/install/ubuntu/18.04/sudo/admin index 4226bdd4..331fa1f2 100644 --- a/install/ubuntu/18.04/sudo/admin +++ b/install/ubuntu/18.04/sudo/admin @@ -4,5 +4,5 @@ Defaults:admin !syslog Defaults:admin !requiretty Defaults:root !requiretty -admin ALL=(ALL) ALL +# sudo is limited to vesta scripts admin ALL=NOPASSWD:/usr/local/vesta/bin/* From cde42691701667502369f76e197c30005431f959 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:14:28 +0300 Subject: [PATCH 083/140] Release 0.9.8-23 --- src/deb/ioncube/control | 2 +- src/deb/nginx/control | 2 +- src/deb/php/control | 2 +- src/deb/softaculous/control | 2 +- src/deb/vesta/control | 2 +- src/deb/vesta/postinst | 8 ++++++++ src/rpm/specs/vesta-ioncube.spec | 2 +- src/rpm/specs/vesta-nginx.spec | 2 +- src/rpm/specs/vesta-php.spec | 2 +- src/rpm/specs/vesta-softaculous.spec | 2 +- src/rpm/specs/vesta.spec | 17 ++++++++++++++++- upd/add_notifications.sh | 2 +- upd/fix_dhcprenew.sh | 20 ++++++++++++++++++++ upd/limit_sudo.sh | 6 ++++++ 14 files changed, 60 insertions(+), 11 deletions(-) create mode 100755 upd/fix_dhcprenew.sh create mode 100755 upd/limit_sudo.sh diff --git a/src/deb/ioncube/control b/src/deb/ioncube/control index 89268f6e..9db6cc14 100644 --- a/src/deb/ioncube/control +++ b/src/deb/ioncube/control @@ -1,7 +1,7 @@ Source: vesta-ioncube Package: vesta-ioncube Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: https://www.ioncube.com diff --git a/src/deb/nginx/control b/src/deb/nginx/control index 9dc7351a..19ec8bbb 100644 --- a/src/deb/nginx/control +++ b/src/deb/nginx/control @@ -1,7 +1,7 @@ Source: vesta-nginx Package: vesta-nginx Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/php/control b/src/deb/php/control index 3714008d..e8702027 100644 --- a/src/deb/php/control +++ b/src/deb/php/control @@ -1,7 +1,7 @@ Source: vesta-php Package: vesta-php Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/softaculous/control b/src/deb/softaculous/control index 35140df6..c5c9eb67 100644 --- a/src/deb/softaculous/control +++ b/src/deb/softaculous/control @@ -1,7 +1,7 @@ Source: vesta-softaculous Package: vesta-softaculous Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: https://www.softaculous.com diff --git a/src/deb/vesta/control b/src/deb/vesta/control index 028a4e41..9f83c2a6 100644 --- a/src/deb/vesta/control +++ b/src/deb/vesta/control @@ -1,7 +1,7 @@ Source: vesta Package: vesta Priority: optional -Version: 0.9.8-22 +Version: 0.9.8-23 Section: admin Maintainer: Serghey Rodin Homepage: http://vestacp.com diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 3cba15e9..516df08b 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -28,4 +28,12 @@ if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then /usr/local/vesta/upd/fix_roundcube.sh fi +if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh +fi + +if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh +fi + exit 0 diff --git a/src/rpm/specs/vesta-ioncube.spec b/src/rpm/specs/vesta-ioncube.spec index 5d48dc29..54bb5cf4 100644 --- a/src/rpm/specs/vesta-ioncube.spec +++ b/src/rpm/specs/vesta-ioncube.spec @@ -1,6 +1,6 @@ Name: vesta-ioncube Version: 0.9.8 -Release: 22 +Release: 23 Summary: ionCube Loader Group: System Environment/Base License: "Freely redistributable without restriction" diff --git a/src/rpm/specs/vesta-nginx.spec b/src/rpm/specs/vesta-nginx.spec index a633ef85..ca530cc1 100644 --- a/src/rpm/specs/vesta-nginx.spec +++ b/src/rpm/specs/vesta-nginx.spec @@ -1,6 +1,6 @@ Name: vesta-nginx Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: BSD-like diff --git a/src/rpm/specs/vesta-php.spec b/src/rpm/specs/vesta-php.spec index 12d1c401..fe5aded9 100644 --- a/src/rpm/specs/vesta-php.spec +++ b/src/rpm/specs/vesta-php.spec @@ -1,6 +1,6 @@ Name: vesta-php Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: GPL diff --git a/src/rpm/specs/vesta-softaculous.spec b/src/rpm/specs/vesta-softaculous.spec index 7e92cfdb..ece330e8 100644 --- a/src/rpm/specs/vesta-softaculous.spec +++ b/src/rpm/specs/vesta-softaculous.spec @@ -1,6 +1,6 @@ Name: vesta-softaculous Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: Softaculous License diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index 58359da0..bb82d404 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -1,6 +1,6 @@ Name: vesta Version: 0.9.8 -Release: 22 +Release: 23 Summary: Vesta Control Panel Group: System Environment/Base License: GPL @@ -45,6 +45,15 @@ if [ $1 -ge 2 ]; then if [ -x /usr/local/vesta/upd/fix_roundcube.sh ]; then /usr/local/vesta/upd/fix_roundcube.sh fi + + if [ -x /usr/local/vesta/upd/limit_sudo.sh ]; then + /usr/local/vesta/upd/limit_sudo.sh + fi + + if [ -x /usr/local/vesta/upd/fix_dhcprenew.sh ]; then + /usr/local/vesta/upd/fix_dhcprenew.sh + fi + fi %files %{_vestadir} @@ -59,6 +68,12 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog +* Thu 18 2018 Serghey Rodin - 0.9.8-23 +- Security fixes + +* Wed June 27 2018 Serghey Rodin - 0.9.8-22 +- Security fixes + * Fri May 11 2018 Serghey Rodin - 0.9.8-21 - Additional security fixes diff --git a/upd/add_notifications.sh b/upd/add_notifications.sh index 14b8590e..e55c0c74 100755 --- a/upd/add_notifications.sh +++ b/upd/add_notifications.sh @@ -5,5 +5,5 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured File Manager. Plugin is available for purchase." 'filemanager' /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can purchase and enable SFTP Chroot" /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally available" -/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-19" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" +/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" diff --git a/upd/fix_dhcprenew.sh b/upd/fix_dhcprenew.sh new file mode 100755 index 00000000..08e76f69 --- /dev/null +++ b/upd/fix_dhcprenew.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +if [ -e "/usr/bin/dhcprenew" ]; then + mv /usr/bin/dhcprenew /usr/bin/dhcprenew.disabled + + # Notify admin via control panel + rm /usr/local/vesta/data/users/admin/notifications.conf + touch /usr/local/vesta/data/users/admin/notifications.conf + /usr/local/vesta/bin/v-add-user-notification admin \ + "Security Check" "Your server was compromised please contact us at info@vestacp.com to get help." + + # Send email notification + send_mail="/usr/local/vesta/web/inc/mail-wrapper.php" + email=$(grep CONTACT /usr/local/vesta/data/users/admin/user.conf |cut -f2 -d \') + if [ ! -z "$email" ]; then + echo "Your server $(hostname) was compromised please contact us at info@vestacp.com to get help." |\ + $send_mail -s "SECURITY CHECK: Vesta Control Panel" $email + fi +fi + diff --git a/upd/limit_sudo.sh b/upd/limit_sudo.sh new file mode 100755 index 00000000..4f4ac924 --- /dev/null +++ b/upd/limit_sudo.sh @@ -0,0 +1,6 @@ +#!/bin/bash + +if [ -e "/etc/sudoers.d/admin" ]; then + sed -i "s/admin.*ALL=(ALL).*/# sudo is limited to vesta scripts/" \ + /etc/sudoers.d/admin +fi From 83bd1f679f89e1df17f66cb4299ce9a631e789be Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:23:56 +0300 Subject: [PATCH 084/140] added missing month in spec file --- src/rpm/specs/vesta.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index bb82d404..a611e45f 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -68,7 +68,7 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog -* Thu 18 2018 Serghey Rodin - 0.9.8-23 +* Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 - Security fixes * Wed June 27 2018 Serghey Rodin - 0.9.8-22 From defba7221522bcb403ef7475e730dc6bb603841b Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 00:25:09 +0300 Subject: [PATCH 085/140] added missing month in spec file --- src/rpm/specs/vesta.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index a611e45f..10830d15 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -71,7 +71,7 @@ fi * Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 - Security fixes -* Wed June 27 2018 Serghey Rodin - 0.9.8-22 +* Wed Jun 27 2018 Serghey Rodin - 0.9.8-22 - Security fixes * Fri May 11 2018 Serghey Rodin - 0.9.8-21 From f6f6f9cfbbf2979e301956d1c6ab5c44386822c0 Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 18 Oct 2018 10:01:35 +0200 Subject: [PATCH 086/140] Fix bug in password reset --- web/reset/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/reset/index.php b/web/reset/index.php index 0d90d15d..842dd2f3 100644 --- a/web/reset/index.php +++ b/web/reset/index.php @@ -48,7 +48,7 @@ if ((!empty($_POST['user'])) && (!empty($_POST['code'])) && (!empty($_POST['pass if ( $return_var == 0 ) { $data = json_decode(implode('', $output), true); $rkey = $data[$user]['RKEY']; - if (hash_equals($rkey, $POST[‘code’])) { + if (hash_equals($rkey, $_POST['code'])) { $v_password = tempnam("/tmp","vst"); $fp = fopen($v_password, "w"); fwrite($fp, $_POST['password']."\n"); From 32fbc253a92352376ff301ad9504ef39add726c4 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 14:20:14 +0300 Subject: [PATCH 087/140] Additional argument check for remote hosts --- bin/v-add-backup-host | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index 327703a7..b21880c5 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -38,8 +38,8 @@ EOF sftpc() { expect -f "-" </dev/null 2>&1 check_result $? "expect command not found" $E_NOTEXIST fi + host "$host" >/dev/null 2>&1 + check_result $? "host connection failed" "$E_CONNECT" fi From cbbf27fc46e46cf79cbceec8cd1feaaac1be1cc0 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 14:36:17 +0300 Subject: [PATCH 088/140] Additional argument check for remote hosts --- bin/v-add-backup-host | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index b21880c5..4e727229 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -94,7 +94,7 @@ EOF if [ "$type" != 'local' ];then check_args '4' "$#" "TYPE HOST USERNAME PASSWORD [PATH] [PORT]" - is_format_valid 'user' 'host' + is_format_valid 'user' 'host' 'path' 'port' is_password_valid if [ "$type" = 'sftp' ]; then which expect >/dev/null 2>&1 From 8e37c4fa0f8dc239f0c1d1b0b5af791b8682bca9 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 18 Oct 2018 17:46:34 +0300 Subject: [PATCH 089/140] switch from c.vestacp.com to local configs --- install/vst-install-debian.sh | 117 ++++++++++++++++------------------ 1 file changed, 55 insertions(+), 62 deletions(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 47f36142..769ddfa6 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -16,7 +16,7 @@ arch=$(uname -i) os='debian' release=$(cat /etc/debian_version|grep -o [0-9]|head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" -vestacp="http://$CHOST/$VERSION/$release" +vestacp="$VESTA/install/$VERSION/$release" if [ "$release" -eq 9 ]; then software="nginx apache2 apache2-utils apache2-suexec-custom @@ -274,7 +274,7 @@ if [ ! -e '/usr/bin/wget' ]; then fi # Checking repository availability -wget -q "$vestacp/deb_signing.key" -O /dev/null +wget -q "c.vestacp.com/deb_signing.key" -O /dev/null check_result $? "No access to Vesta repository" # Check installed packages @@ -682,9 +682,9 @@ chmod 755 /usr/bin/rssh # Configure VESTA # #----------------------------------------------------------# -# Downloading sudo configuration +# Installing sudo configuration mkdir -p /etc/sudoers.d -wget $vestacp/sudo/admin -O /etc/sudoers.d/admin +cp -f $vestacp/sudo/admin /etc/sudoers.d/ chmod 440 /etc/sudoers.d/admin # Configuring system env @@ -695,8 +695,8 @@ echo 'PATH=$PATH:'$VESTA'/bin' >> /root/.bash_profile echo 'export PATH' >> /root/.bash_profile source /root/.bash_profile -# Configuring logrotate for vesta logs -wget $vestacp/logrotate/vesta -O /etc/logrotate.d/vesta +# Configuring logrotate for Vesta logs +cp -f $vestacp/logrotate/vesta /etc/logrotate.d/ # Building directory tree and creating some blank files for vesta mkdir -p $VESTA/conf $VESTA/log $VESTA/ssl $VESTA/data/ips \ @@ -808,25 +808,18 @@ echo "LANGUAGE='$lang'" >> $VESTA/conf/vesta.conf # Version echo "VERSION='0.9.8'" >> $VESTA/conf/vesta.conf -# Downloading hosting packages -cd $VESTA/data -wget $vestacp/packages.tar.gz -O packages.tar.gz -tar -xzf packages.tar.gz -rm -f packages.tar.gz +# Installing hosting packages +cp -rf $vestacp/packages $VESTA/data/ -# Downloading templates -wget $vestacp/templates.tar.gz -O templates.tar.gz -tar -xzf templates.tar.gz -rm -f templates.tar.gz +# Installing templates +cp -rf $vestacp/templates $VESTA/data/ # Copying index.html to default documentroot -cp templates/web/skel/public_html/index.html /var/www/ +cp $VESTA/data/templates/web/skel/public_html/index.html /var/www/ sed -i 's/%domain%/It worked!/g' /var/www/index.html -# Downloading firewall rules -wget $vestacp/firewall.tar.gz -O firewall.tar.gz -tar -xzf firewall.tar.gz -rm -f firewall.tar.gz +# Installing firewall rules +cp -rf $vestacp/firewall $VESTA/data/ # Configuring server hostname $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null @@ -855,12 +848,12 @@ rm /tmp/vst.pem if [ "$nginx" = 'yes' ]; then rm -f /etc/nginx/conf.d/*.conf - wget $vestacp/nginx/nginx.conf -O /etc/nginx/nginx.conf - wget $vestacp/nginx/status.conf -O /etc/nginx/conf.d/status.conf - wget $vestacp/nginx/phpmyadmin.inc -O /etc/nginx/conf.d/phpmyadmin.inc - wget $vestacp/nginx/phppgadmin.inc -O /etc/nginx/conf.d/phppgadmin.inc - wget $vestacp/nginx/webmail.inc -O /etc/nginx/conf.d/webmail.inc - wget $vestacp/logrotate/nginx -O /etc/logrotate.d/nginx + cp -f $vestacp/nginx/nginx.conf /etc/nginx/ + cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ + cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains update-rc.d nginx defaults @@ -874,9 +867,9 @@ fi #----------------------------------------------------------# if [ "$apache" = 'yes' ]; then - wget $vestacp/apache2/apache2.conf -O /etc/apache2/apache2.conf - wget $vestacp/apache2/status.conf -O /etc/apache2/mods-enabled/status.conf - wget $vestacp/logrotate/apache2 -O /etc/logrotate.d/apache2 + cp -f $vestacp/apache2/apache2.conf /etc/apache2/ + cp -f $vestacp/apache2/status.conf /etc/apache2/mods-enabled/ + cp -f $vestacp/logrotate/apache2 /etc/logrotate.d/ a2enmod rewrite a2enmod suexec a2enmod ssl @@ -909,12 +902,12 @@ fi if [ "$phpfpm" = 'yes' ]; then if [ "$release" -eq 9 ]; then - wget $vestacp/php-fpm/www.conf -O /etc/php/7.0/fpm/pool.d/www.conf + cp -f $vestacp/php-fpm/www.conf /etc/php/7.0/fpm/pool.d/www.conf update-rc.d php7.0-fpm defaults service php7.0-fpm start check_result $? "php-fpm start failed" else - wget $vestacp/php5-fpm/www.conf -O /etc/php5/fpm/pool.d/www.conf + cp -f $vestacp/php5-fpm/www.conf /etc/php5/fpm/pool.d/www.conf update-rc.d php5-fpm defaults service php5-fpm start check_result $? "php-fpm start failed" @@ -941,7 +934,7 @@ done #----------------------------------------------------------# if [ "$vsftpd" = 'yes' ]; then - wget $vestacp/vsftpd/vsftpd.conf -O /etc/vsftpd.conf + cp -f $vestacp/vsftpd/vsftpd.conf /etc/ update-rc.d vsftpd defaults service vsftpd start check_result $? "vsftpd start failed" @@ -957,7 +950,7 @@ fi if [ "$proftpd" = 'yes' ]; then echo "127.0.0.1 $servername" >> /etc/hosts - wget $vestacp/proftpd/proftpd.conf -O /etc/proftpd/proftpd.conf + cp -f $vestacp/proftpd/proftpd.conf /etc/proftpd/ update-rc.d proftpd defaults service proftpd start check_result $? "proftpd start failed" @@ -978,7 +971,7 @@ if [ "$mysql" = 'yes' ]; then fi # MySQL configuration - wget $vestacp/mysql/$mycnf -O /etc/mysql/my.cnf + cp -f $vestacp/mysql/$mycnf /etc/mysql/my.cnf mysql_install_db update-rc.d mysql defaults service mysql start @@ -997,10 +990,10 @@ if [ "$mysql" = 'yes' ]; then # Configuring phpMyAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pma/apache.conf -O /etc/phpmyadmin/apache.conf + cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - wget $vestacp/pma/config.inc.php -O /etc/phpmyadmin/config.inc.php + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ chmod 777 /var/lib/phpmyadmin/tmp fi @@ -1010,16 +1003,15 @@ fi if [ "$postgresql" = 'yes' ]; then ppass=$(gen_pass) - wget $vestacp/postgresql/pg_hba.conf -O /etc/postgresql/*/main/pg_hba.conf + cp -f $vestacp/postgresql/pg_hba.conf /etc/postgresql/*/main/ service postgresql restart sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin if [ "$apache" = 'yes' ]; then - wget $vestacp/pga/phppgadmin.conf \ - -O /etc/apache2/conf.d/phppgadmin.conf + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi - wget $vestacp/pga/config.inc.php -O /etc/phppgadmin/config.inc.php + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1028,7 +1020,7 @@ fi #----------------------------------------------------------# if [ "$named" = 'yes' ]; then - wget $vestacp/bind/named.conf -O /etc/bind/named.conf + cp -f $vestacp/bind/named.conf /etc/bind/ sed -i "s%listen-on%//listen%" /etc/bind/named.conf.options chown root:bind /etc/bind/named.conf chmod 640 /etc/bind/named.conf @@ -1049,9 +1041,9 @@ fi if [ "$exim" = 'yes' ]; then gpasswd -a Debian-exim mail - wget $vestacp/exim/exim4.conf.template -O /etc/exim4/exim4.conf.template - wget $vestacp/exim/dnsbl.conf -O /etc/exim4/dnsbl.conf - wget $vestacp/exim/spam-blocks.conf -O /etc/exim4/spam-blocks.conf + cp -f $vestacp/exim/exim4.conf.template /etc/exim4/ + cp -f $vestacp/exim/dnsbl.conf /etc/exim4/ + cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ touch /etc/exim4/white-blocks.conf if [ "$spamd" = 'yes' ]; then @@ -1084,12 +1076,8 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - wget $vestacp/dovecot.tar.gz -O /etc/dovecot.tar.gz - wget $vestacp/logrotate/dovecot -O /etc/logrotate.d/dovecot - cd /etc - rm -rf dovecot dovecot.conf - tar -xzf dovecot.tar.gz - rm -f dovecot.tar.gz + cp -rf $vestacp/dovecot /etc/ + cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* update-rc.d dovecot defaults service dovecot start @@ -1104,7 +1092,7 @@ fi if [ "$clamd" = 'yes' ]; then gpasswd -a clamav mail gpasswd -a clamav Debian-exim - wget $vestacp/clamav/clamd.conf -O /etc/clamav/clamd.conf + cp -f $vestacp/clamav/clamd.conf /etc/clamav/ /usr/bin/freshclam update-rc.d clamav-daemon defaults if [ ! -d "/var/run/clamav" ]; then @@ -1145,19 +1133,18 @@ fi if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then - wget $vestacp/roundcube/apache.conf -O /etc/roundcube/apache.conf + cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - wget $vestacp/roundcube/main.inc.php -O /etc/roundcube/main.inc.php - wget $vestacp/roundcube/db.inc.php -O /etc/roundcube/db.inc.php + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ chmod 640 /etc/roundcube/debian-db-roundcube.php chmod 640 /etc/roundcube/config.inc.php chown root:www-data /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/config.inc.php - wget $vestacp/roundcube/vesta.php -O \ - /usr/share/roundcube/plugins/password/drivers/vesta.php - wget $vestacp/roundcube/config.inc.php -O \ - /etc/roundcube/plugins/password/config.inc.php + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ r="$(gen_pass)" mysql -e "CREATE DATABASE roundcube" mysql -e "GRANT ALL ON roundcube.* @@ -1208,10 +1195,7 @@ fi #----------------------------------------------------------# if [ "$fail2ban" = 'yes' ]; then - cd /etc - wget $vestacp/fail2ban.tar.gz -O fail2ban.tar.gz - tar -xzf fail2ban.tar.gz - rm -f fail2ban.tar.gz + cp -rf $vestacp/fail2ban /etc/ if [ "$dovecot" = 'no' ]; then fline=$(cat /etc/fail2ban/jail.local |grep -n dovecot-iptables -A 2) fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) @@ -1222,6 +1206,15 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/true/false/" /etc/fail2ban/jail.local fi + if [ "$vsftpd" = 'yes' ]; then + #Create vsftpd Log File + if [ ! -f "/var/log/vsftpd.log" ]; then + touch /var/log/vsftpd.log + fi + fline=$(cat /etc/fail2ban/jail.local |grep -n vsftpd-iptables -A 2) + fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) + sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local + fi update-rc.d fail2ban defaults service fail2ban start check_result $? "fail2ban start failed" From b9252066e180651663766f052e0012319c39a172 Mon Sep 17 00:00:00 2001 From: Marcos Date: Fri, 19 Oct 2018 01:54:22 +0200 Subject: [PATCH 090/140] spanish revision --- web/inc/i18n/es.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 8cf45ddf..bfc3ac6a 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -197,7 +197,7 @@ $LANG['es'] = array( 'IP Addresses' => 'Direcciones IP', 'Backups' => 'Respaldos', 'Backup System' => 'Sistema de Respaldo', - 'backup exclusions' => 'configurar exlusiones', + 'backup exclusions' => 'configurar exclusiones', 'template' => 'plantilla', 'SSL Support' => 'Soportar SSL', 'SSL Home Directory' => 'Directorio local del SSL', @@ -641,9 +641,9 @@ $LANG['es'] = array( 'Delete items' => 'Eliminando items', 'Copy files' => 'Copiar archivos', 'Move files' => 'Mover archivos', - 'Are you sure you want to copy' => 'Estás seguro que deseas copiar', - 'Are you sure you want to move' => 'Estás seguro que deseas mover', - 'Are you sure you want to delete' => 'Estás seguro que deseas eliminar', + 'Are you sure you want to copy' => 'Estás seguro de que deseas copiar', + 'Are you sure you want to move' => 'Estás seguro de que deseas mover', + 'Are you sure you want to delete' => 'Estás seguro de que deseas eliminar', 'into' => 'en', 'existing files will be replaced' => 'los archivos existentes serán reemplazados', 'Original name' => 'Nombre original', @@ -711,7 +711,7 @@ $LANG['es'] = array( 'Disable and Cancel Licence' => 'Deshabilitar y Cancelar Licencia', 'Licence Activated' => 'Licencia Activada', 'Licence Deactivated' => 'Licencia Desactivada', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringue a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restringe a los usuarios para que sólo puedan ingresar a su directorio local y prohíbe el acceso a SSH.', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Navegar, copiar, editar, ver y descargar todos los archivos de tu página web utilizando el Administrador de Archivos.', 'This is a commercial module, you would need to purchace license key to enable it.' => 'Este es un módulo comercial, tendrás que adquirir una licencia para poder activarlo.', @@ -752,8 +752,8 @@ $LANG['es'] = array( 'PUB_KEY' => 'CLAVE PÚBLICA', 'ISSUER' => 'EMITIDO POR', - 'Use server hostname' => 'Usar hostname del servidor', - 'Use domain hostname' => 'Usar hostname del dominio', + 'Use server hostname' => 'Usar el nombre del servidor', + 'Use domain hostname' => 'Usar el dominio', 'Use STARTTLS' => 'Usar STARTTLS', 'Use SSL / TLS' => 'Usar SSL / TLS', 'No encryption' => 'Sin encriptación', @@ -761,6 +761,6 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Datos de acceso a la cuenta de correo', ); From 50205c99ec77bd60d99e2df21eee8db24323143b Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Thu, 25 Oct 2018 19:20:08 +0000 Subject: [PATCH 091/140] supose fix to #1526 i cannot see any diference, but on debian it apears that there is an diference. maybe because the system has tis var exported? (DISK) --- bin/v-update-user-counters | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-update-user-counters b/bin/v-update-user-counters index 5fcdd671..50b903bd 100755 --- a/bin/v-update-user-counters +++ b/bin/v-update-user-counters @@ -53,6 +53,9 @@ for user in $user_list; do IP_OWNED=0 U_USERS=0 U_DISK=0 + ##supose fix to #1526 i cannot see any diference, but on debian it apears that there is an diference. + ## maybe because the system has tis var exported? (DISK) + DISK=0 U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') if [ -z "$U_DISK_DIRS" ]; then U_DISK_DIRS=0 From 06f670046b21bf8528201c07389d9ab4fbb7cefe Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Thu, 25 Oct 2018 19:44:46 +0000 Subject: [PATCH 092/140] Fix: #1731 Now checks if the domain is suspended (WEB or EMAIL or DNS) if so, continue to the next domain --- bin/v-update-letsencrypt-ssl | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 907d305f..2771f9f8 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -31,7 +31,22 @@ for user in $users; do # Checking user certificates lecounter=0 for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do - + # Working on Web domain check - if is suspended + webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='no") + if [ ! -z "$webSuspended" ]; then + continue; + fi; + # Working on DNS domain check - if is suspended + dnsSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf |grep "SUSPENDED='no") + if [ ! -z "$dnsSuspended" ]; then + continue; + fi; + #dunno if this is needed, but i will ut it in the same way as web and dns + # Working on MAIL domain check - if is suspended + mailSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/mail.conf |grep "SUSPENDED='no") + if [ ! -z "$mailSuspended" ]; then + continue; + fi crt="$VESTA/data/users/$user/ssl/$domain.crt" crt_data=$(openssl x509 -text -in "$crt") expire=$(echo "$crt_data" |grep "Not After") From 32e970d111e9f87ebb4530663bfa4ebd1f53a210 Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 26 Oct 2018 18:02:24 +0200 Subject: [PATCH 093/140] Fix for dovecot namespace inbox=yes --- install/vst-install-debian.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 769ddfa6..4f7aa770 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1079,6 +1079,7 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" From 21dd9fae6d0908d144b3b747271dce11ea9398e8 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 00:23:12 +0200 Subject: [PATCH 094/140] Avoid listing user that is not created from Vesta --- bin/v-list-users | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/bin/v-list-users b/bin/v-list-users index 14a6d007..32a94736 100755 --- a/bin/v-list-users +++ b/bin/v-list-users @@ -15,9 +15,14 @@ format=${1-shell} # JSON list function json_list() { echo '{' - object_count=$(grep '@' /etc/passwd |wc -l) i=1 while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi + if [ $i -gt 1 ]; then + echo "," + fi source $VESTA/data/users/$USER/user.conf echo -n ' "'$USER'": { "FNAME": "'$FNAME'", @@ -74,14 +79,8 @@ json_list() { "TIME": "'$TIME'", "DATE": "'$DATE'" }' - if [ "$i" -lt "$object_count" ]; then - echo ',' - else - echo - fi ((i++)) done < <(grep '@' /etc/passwd |cut -f1 -d:) - echo '}' } @@ -90,6 +89,9 @@ shell_list() { echo "USER PKG WEB DNS MAIL DB DISK BW SPND DATE" echo "---- --- --- --- --- -- ---- -- ---- ----" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER $PACKAGE $U_WEB_DOMAINS $U_DNS_DOMAINS $U_MAIL_DOMAINS" echo " $U_DATABASES $U_DISK $U_BANDWIDTH $SUSPENDED $DATE" @@ -99,6 +101,9 @@ shell_list() { # PLAIN list function plain_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -ne "$USER\t$FNAME\t$LNAME\t$PACKAGE\t$WEB_TEMPLATE\t" echo -ne "$BACKEND_TEMPLATE\t$PROXY_TEMPLATE\t$DNS_TEMPLATE\t" @@ -131,6 +136,9 @@ csv_list() { echo -n "U_MAIL_DOMAINS,U_MAIL_DKIM,U_MAIL_ACCOUNTS,U_DATABASES" echo "U_CRON_JOBS,U_BACKUPS,LANGUAGE,TIME,DATE" while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi source $VESTA/data/users/$USER/user.conf echo -n "$USER,\"$FNAME\",\"$LNAME\",$PACKAGE,$WEB_TEMPLATE," echo -n "$BACKEND_TEMPLATE,$PROXY_TEMPLATE,$DNS_TEMPLATE," @@ -151,6 +159,9 @@ csv_list() { # Raw list function raw_list() { while read USER; do + if [ ! -f "$VESTA/data/users/$USER/user.conf" ]; then + continue; + fi echo $VESTA/data/users/$USER/user.conf cat $VESTA/data/users/$USER/user.conf done < <(grep '@' /etc/passwd |cut -f1 -d:) From 5ab9fc5f4acda403d135707e67f8562dc3449695 Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 00:31:34 +0200 Subject: [PATCH 095/140] Avoid user stats for the user that is not created from Vesta --- bin/v-update-user-stats | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-update-user-stats b/bin/v-update-user-stats index f6b5ff56..23854328 100755 --- a/bin/v-update-user-stats +++ b/bin/v-update-user-stats @@ -67,6 +67,9 @@ TOTAL_USERS=0 # Updating user stats for user in $user_list; do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi USER_DATA=$VESTA/data/users/$user source $USER_DATA/user.conf next_month=$(date +'%m/01/%y' -d '+ 1 month') From 76319e5a1b2fae758ac7bc86bd22f069bac5a9ad Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 28 Oct 2018 03:29:50 +0100 Subject: [PATCH 096/140] Avoid user backup if user is not created from Vesta --- bin/v-backup-users | 3 +++ 1 file changed, 3 insertions(+) diff --git a/bin/v-backup-users b/bin/v-backup-users index e96eb2fb..bbabf3db 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -28,6 +28,9 @@ if [ -z "$BACKUP_SYSTEM" ]; then exit fi for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "$VESTA/data/users/$user/user.conf" ]; then + continue; + fi check_suspend=$(grep "SUSPENDED='no'" $VESTA/data/users/$user/user.conf) log=$VESTA/log/backup.log if [ ! -z "$check_suspend" ]; then From fa331e6ef2c98914b3a51147b75f5425adde65c2 Mon Sep 17 00:00:00 2001 From: Skull Writter <7103685+skullwritter@users.noreply.github.com> Date: Tue, 30 Oct 2018 16:25:24 -0100 Subject: [PATCH 097/140] removed dns and mail support - checking le --- bin/v-update-letsencrypt-ssl | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 2771f9f8..6e26d7e5 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -36,17 +36,6 @@ for user in $users; do if [ ! -z "$webSuspended" ]; then continue; fi; - # Working on DNS domain check - if is suspended - dnsSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/dns.conf |grep "SUSPENDED='no") - if [ ! -z "$dnsSuspended" ]; then - continue; - fi; - #dunno if this is needed, but i will ut it in the same way as web and dns - # Working on MAIL domain check - if is suspended - mailSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/mail.conf |grep "SUSPENDED='no") - if [ ! -z "$mailSuspended" ]; then - continue; - fi crt="$VESTA/data/users/$user/ssl/$domain.crt" crt_data=$(openssl x509 -text -in "$crt") expire=$(echo "$crt_data" |grep "Not After") From 6a753f65f2147557b6e04bd1f95d634bc50b2af0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Vielma?= Date: Wed, 31 Oct 2018 10:29:25 -0400 Subject: [PATCH 098/140] Spanish translation improvements --- web/inc/i18n/es.php | 90 ++++++++++++++++++++++----------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index bfc3ac6a..212d78a2 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -8,7 +8,7 @@ * > huloza - https://github.com/huloza * > Estratos Consulting "estratos" - estratos.net * > Manuel Valle "Estilate" - estilate.com - * + * */ $LANG['es'] = array( @@ -145,7 +145,7 @@ $LANG['es'] = array( 'Search Results' => 'Resultados de Busqueda', 'Adding Firewall Rule' => 'Añadiendo Regla al Cortafuegos', 'Editing Firewall Rule' => 'Editando Regla del Cortafuegos', - 'Adding IP Address to Banlist' => 'Agregando direcciones IP a la lista negra', + 'Adding IP Address to Banlist' => 'Agregando dirección IP a la lista negra', 'active' => 'activo', 'spnd' => 'suspendido', @@ -288,18 +288,18 @@ $LANG['es'] = array( 'Object' => 'Objeto', 'Username' => 'Nombre de Usuario', 'Password' => 'Contraseña', - 'Email' => 'Email', + 'Email' => 'Correo electrónico', 'Package' => 'Plan', - 'Language' => 'Lenguaje', + 'Language' => 'Idioma', 'First Name' => 'Nombre', 'Last Name' => 'Apellido', 'Send login credentials to email address' => 'Correo para enviar datos de acceso al panel', - 'Default Template' => 'Plantilla por Defecto', - 'Default Name Servers' => 'Servidor de Nombre por Defecto', + 'Default Template' => 'Plantilla Predeterminada', + 'Default Name Servers' => 'Servidor de Nombre Predeterminado', 'Domain' => 'Dominio', 'DNS Support' => 'Soportar DNS', 'Mail Support' => 'Soportar Correo', - 'Advanced options' => 'Opciones Avanzadas', + 'Advanced options' => 'Opciones avanzadas', 'Basic options' => 'Opciones básicas', 'Aliases' => 'Alias', 'SSL Certificate' => 'Certificado SSL', @@ -395,7 +395,7 @@ $LANG['es'] = array( 'Comment' => 'Comentario', 'Banlist' => 'Lista Negra', 'ranges are acceptable' => 'rangos son aceptables', - 'CIDR format is supported' => 'Se admite formato CIDR', + 'CIDR format is supported' => 'se admite formato CIDR', 'ACCEPT' => 'ACEPTAR', 'DROP' => 'DENEGAR', 'TCP' => 'TCP', @@ -455,7 +455,7 @@ $LANG['es'] = array( 'MAIL_DOMAIN_CREATED_OK' => 'El Dominio de Correo %s ha sido creado exitosamente.', 'MAIL_ACCOUNT_CREATED_OK' => 'La Cuenta de Correo %s@%s ha sido creada exitosamente.', 'DATABASE_CREATED_OK' => 'La Base de Datos %s ha sido creada exitosamente.', - 'CRON_CREATED_OK' => 'Una Tarea Programada ha sido creada exitosamente.', + 'CRON_CREATED_OK' => 'La Tarea Programada ha sido creada exitosamente.', 'IP_CREATED_OK' => 'La Dirección IP %s ha sido creada exitosamente.', 'PACKAGE_CREATED_OK' => 'El Plan %s ha sido creado exitosamente.', 'SSL_GENERATED_OK' => 'El certificado SSl ha sido creado exitosamente.', @@ -467,33 +467,33 @@ $LANG['es'] = array( 'Cronjob email reporting has been successfully disabled' => 'Se han desactivado exitosamente las notificaciones por correo de las Tareas Programadas.', 'Changes has been saved.' => 'Los cambios han sido guardados exitosamente.', 'Confirmation' => 'Confirmación', - 'DELETE_USER_CONFIRMATION' => '¿Está seguro que desea eliminar el usuario %s?', - 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea suspender el usuario %s?', - 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro que desea habilitar el usuario %s?', - 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro que desea eliminar el dominio %s?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea suspender el dominio %s?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro que desea habilitar el dominio %s?', - 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro que desea eliminar el registro %s?', - 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea suspender el registro %s?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro que desea habilitar el registro %s?', - 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea eliminar la cuenta de correo %s?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea suspender la cuenta de correo %s?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro que desea habilitar la cuenta de correo %s?', - 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro que desea eliminar la base de datos %s?', - 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea suspender la base de datos %s?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro que desea habilitar la base de datos %s?', - 'DELETE_CRON_CONFIRMATION' => '¿Está seguro que desea eliminar la tarea programada %s?', - 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea suspender la tarea programada %s?', - 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro que desea habilitar la tarea programada %s?', - 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro que desea eliminar el resplado %s?', - 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro que desea eliminar la exclusión %s?', - 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro que desea eliminar el plan %s?', - 'DELETE_IP_CONFIRMATION' => '¿Está seguro que desea eliminar la dirección IP %s?', - 'DELETE_RULE_CONFIRMATION' => '¿Está seguro que desea eliminar la regla #%s', - 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea suspender la regla #%s?', - 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro que desea habilitar la regla #%s?', + 'DELETE_USER_CONFIRMATION' => '¿Está seguro de que desea eliminar el usuario %s?', + 'SUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea suspender el usuario %s?', + 'UNSUSPEND_USER_CONFIRMATION' => '¿Está seguro de que desea habilitar el usuario %s?', + 'DELETE_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea eliminar el dominio %s?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea suspender el dominio %s?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '¿Está seguro de que desea habilitar el dominio %s?', + 'DELETE_RECORD_CONFIRMATION' => '¿Está seguro de que desea eliminar el registro %s?', + 'SUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea suspender el registro %s?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '¿Está seguro de que desea habilitar el registro %s?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea eliminar la cuenta de correo %s?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea suspender la cuenta de correo %s?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '¿Está seguro de que desea habilitar la cuenta de correo %s?', + 'DELETE_DATABASE_CONFIRMATION' => '¿Está seguro de que desea eliminar la base de datos %s?', + 'SUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea suspender la base de datos %s?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '¿Está seguro de que desea habilitar la base de datos %s?', + 'DELETE_CRON_CONFIRMATION' => '¿Está seguro de que desea eliminar la tarea programada %s?', + 'SUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea suspender la tarea programada %s?', + 'UNSUSPEND_CRON_CONFIRMATION' => '¿Está seguro de que desea habilitar la tarea programada %s?', + 'DELETE_BACKUP_CONFIRMATION' => '¿Está seguro de que desea eliminar el resplado %s?', + 'DELETE_EXCLUSION_CONFIRMATION' => '¿Está seguro de que desea eliminar la exclusión %s?', + 'DELETE_PACKAGE_CONFIRMATION' => '¿Está seguro de que desea eliminar el plan %s?', + 'DELETE_IP_CONFIRMATION' => '¿Está seguro de que desea eliminar la dirección IP %s?', + 'DELETE_RULE_CONFIRMATION' => '¿Está seguro de que desea eliminar la regla #%s', + 'SUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea suspender la regla #%s?', + 'UNSUSPEND_RULE_CONFIRMATION' => '¿Está seguro de que desea habilitar la regla #%s?', 'LEAVE_PAGE_CONFIRMATION' => '¿Está seguro de que quiere abandonar esta página?', - 'RESTART_CONFIRMATION' => '¿Está seguro que desea reiniciar %s?', + 'RESTART_CONFIRMATION' => '¿Está seguro de que desea reiniciar %s?', 'Welcome' => 'Bienvenido', 'LOGGED_IN_AS' => 'Has iniciado sesión exitosamente con el usuario %s.', 'Error' => 'Error', @@ -506,10 +506,10 @@ $LANG['es'] = array( 'Error code:' => 'Código de Error: %s', 'SERVICE_ACTION_FAILED' => '"%s" "%s" ha fallado', 'IP address is in use' => 'La Dirección IP está en uso.', - 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', - 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que éste termine.', + 'BACKUP_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando el respaldo esté listo para su descarga.', + 'BACKUP_EXISTS' => 'Se está realizando un respaldo en este momento. Por favor espere a que este termine.', 'RESTORE_SCHEDULED' => 'La tarea se ha añadido a la cola. Recibirá un correo de notificación cuando la restauración haya terminado.', - 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que ésta termine.', + 'RESTORE_EXISTS' => 'Se está realizando una restauración en este momento. Por favor espere a que esta termine.', 'WEB_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *. Para excluir directorios específicos utilice el siguiente formato: dominio.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'Ingrese el nombre de dominio, uno por línea. Para excluir a todos utilice *', @@ -557,7 +557,7 @@ $LANG['es'] = array( 'Configuring Server' => 'Configurar Servidor', 'Hostname' => 'Nombre del Servidor', 'Time Zone' => 'Zona Horaria', - 'Default Language' => 'Idioma por Defecto', + 'Default Language' => 'Idioma Predeterminado', 'Proxy Server' => 'Servidor Proxy', 'Web Server' => 'Servidor Web', 'Backend Server' => 'Backend Server', @@ -615,7 +615,7 @@ $LANG['es'] = array( 'EXTRACT' => 'EXTRAER', 'DOWNLOAD' => 'DESCARGAR', 'Are you sure?' => '¿Estás seguro?', - 'Hit' => 'Hit', + 'Hit' => 'Pulsa', 'to reload the page' => 'para recargar la página', 'Directory name cannot be empty' => 'El nombre del directorio no puede estar vacío', 'File name cannot be empty' => 'El nombre del archivo no puede estar vacío', @@ -638,7 +638,7 @@ $LANG['es'] = array( 'OK' => 'OK', 'YOU ARE COPYING' => 'ESTÁS COPIANDO', 'YOU ARE REMOVING' => 'ESTÁS ELIMINANDO', - 'Delete items' => 'Eliminando items', + 'Delete items' => 'Eliminar elementos', 'Copy files' => 'Copiar archivos', 'Move files' => 'Mover archivos', 'Are you sure you want to copy' => 'Estás seguro de que deseas copiar', @@ -665,13 +665,13 @@ $LANG['es'] = array( 'Add New object' => 'Añadir Objeto Nuevo', 'Save Form' => 'Guardar Formulario', 'Cancel saving form' => 'Omitir guardar el formulario', - 'Go to USER list' => 'Ir a USUARIOS', // En mi opinión queda mejor "Ir a" que "Ir a Listado o Catalogo" + 'Go to USER list' => 'Ir a USUARIOS', 'Go to WEB list' => 'Ir a DOMINIOS / WEB', 'Go to DNS list' => 'Ir a DNS', 'Go to MAIL list' => 'Ir a CORREOS', 'Go to DB list' => 'Ir a BASES DE DATOS', - 'Go to CRON list' => 'IR a TAREAS PROGRAMADAS', - 'Go to BACKUP list' => 'IR a RESPALDOS', + 'Go to CRON list' => 'Ir a TAREAS PROGRAMADAS', + 'Go to BACKUP list' => 'Ir a RESPALDOS', 'Focus on search' => 'Desplegar Buscador', 'Display/Close shortcuts' => 'Mostrar/Ocultar atajos', 'Move backward through top menu' => 'Desplazarse hacia atrás en el menú superior', @@ -762,5 +762,5 @@ $LANG['es'] = array( 'maximum characters length, including prefix' => 'usar un máximo de %s caracteres, incluyendo prefijo', 'Email Credentials' => 'Datos de acceso a la cuenta de correo', - + ); From f9a15564e2e9748bd990c5f1e3c31f7b2c4620c8 Mon Sep 17 00:00:00 2001 From: dpeca Date: Wed, 31 Oct 2018 17:07:01 +0100 Subject: [PATCH 099/140] Escaping quotas in JSON output of v-list-web-domain-ssl --- bin/v-list-web-domain-ssl | 1 + 1 file changed, 1 insertion(+) diff --git a/bin/v-list-web-domain-ssl b/bin/v-list-web-domain-ssl index c91a7cca..99fd5cf8 100755 --- a/bin/v-list-web-domain-ssl +++ b/bin/v-list-web-domain-ssl @@ -19,6 +19,7 @@ source $VESTA/func/main.sh # JSON list function json_list() { + issuer=$(echo "$issuer" |sed -e 's/"/\\"/g' -e "s/%quote%/'/g") echo '{' echo -e "\t\"$domain\": {" echo " \"CRT\": \"$crt\"," From 5170e5f5aa944a44e0b0becb066320e24328da9e Mon Sep 17 00:00:00 2001 From: dpeca Date: Sun, 4 Nov 2018 03:35:17 +0100 Subject: [PATCH 100/140] Dovecot fix namespace inbox=yes only for Debian9 --- install/vst-install-debian.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4f7aa770..87edd88b 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -1079,7 +1079,9 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* - sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + if [ "$release" -eq 9 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi update-rc.d dovecot defaults service dovecot start check_result $? "dovecot start failed" From c32fa673e15272779de2934d410fff72cb6702c3 Mon Sep 17 00:00:00 2001 From: Alexandr Loskutov Date: Sun, 4 Nov 2018 08:21:36 +0200 Subject: [PATCH 101/140] Fix Dovecot namespace inbox=yes for CentOS 7 Co-Authored-By: dpeca --- install/vst-install-rhel.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 3aaad808..385534ec 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -1127,6 +1127,9 @@ if [ "$dovecot" = 'yes' ]; then cp -rf $vestacp/dovecot /etc/ cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* + if [ "$release" -eq 7 ]; then + sed -i "s#namespace inbox {#namespace inbox {\n inbox = yes#" /etc/dovecot/conf.d/15-mailboxes.conf + fi chkconfig dovecot on service dovecot start check_result $? "dovecot start failed" From 381bc48e9652bdcfe74ef0c864076fd48df5bc07 Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 8 Nov 2018 16:32:31 +0100 Subject: [PATCH 102/140] Fix dubble www --- bin/v-add-web-domain | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index b937330c..1005bc9c 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -113,9 +113,12 @@ if [ "$aliases" = 'none' ]; then ALIAS='' else ALIAS="www.$domain" - if [ ! -z "$aliases" ]; then - ALIAS="$ALIAS,$aliases" + if [ -z "$aliases" ]; then + ALIAS="www.$domain" + else + ALIAS="$aliases" fi + ip_alias=$(get_ip_alias $domain) if [ ! -z "$ip_alias" ]; then ALIAS="$ALIAS,$ip_alias" From 2dc406aae4801b4151daa4f8e052a3ad367e3a8d Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 8 Nov 2018 16:33:34 +0100 Subject: [PATCH 103/140] Fix dubble www --- func/main.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/func/main.sh b/func/main.sh index e78e6edf..ca4ac3c5 100644 --- a/func/main.sh +++ b/func/main.sh @@ -933,7 +933,7 @@ format_aliases() { aliases=$(echo "$aliases" |tr -s '.') aliases=$(echo "$aliases" |sed -e "s/[.]*$//g") aliases=$(echo "$aliases" |sed -e "s/^[.]*//") - aliases=$(echo "$aliases" |grep -v www.$domain |sed -e "/^$/d") + aliases=$(echo "$aliases" |sed -e "/^$/d") aliases=$(echo "$aliases" |tr '\n' ',' |sed -e "s/,$//") fi } From b9210522f57ee8f1c090d607a73bef5663108a65 Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 9 Nov 2018 17:47:05 +0100 Subject: [PATCH 104/140] Ubuntu 18.04 dovecot namespace inbox fix Fix based on https://github.com/serghey-rodin/vesta/pull/1669/files --- install/ubuntu/18.04/dovecot/dovecot.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install/ubuntu/18.04/dovecot/dovecot.conf b/install/ubuntu/18.04/dovecot/dovecot.conf index 311a3351..163460ba 100644 --- a/install/ubuntu/18.04/dovecot/dovecot.conf +++ b/install/ubuntu/18.04/dovecot/dovecot.conf @@ -3,7 +3,7 @@ listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf -namespace { +namespace inbox { type = private separator = / prefix = From e799566c6ba1c84e6689cb016bbc0f05abda2767 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:14:04 +0100 Subject: [PATCH 105/140] vary vary, causes page speed issues --- install/debian/7/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/7/nginx/nginx.conf b/install/debian/7/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/debian/7/nginx/nginx.conf +++ b/install/debian/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 591bfdaad19b91ed73ddf93313123ecc3c1b035b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:14:39 +0100 Subject: [PATCH 106/140] Update nginx.conf --- install/debian/8/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/8/nginx/nginx.conf b/install/debian/8/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/8/nginx/nginx.conf +++ b/install/debian/8/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From a3982fd477136acfa66314de153eee66a464151e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:16:24 +0100 Subject: [PATCH 107/140] Update nginx.conf vary on --- install/debian/9/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/debian/9/nginx/nginx.conf b/install/debian/9/nginx/nginx.conf index 1eef1672..e8967d8e 100644 --- a/install/debian/9/nginx/nginx.conf +++ b/install/debian/9/nginx/nginx.conf @@ -51,6 +51,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 4d70c416ca7425076e58fc921b051123f58c8abe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:17:02 +0100 Subject: [PATCH 108/140] Update nginx.conf vary on --- install/rhel/7/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/7/nginx/nginx.conf b/install/rhel/7/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/7/nginx/nginx.conf +++ b/install/rhel/7/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 49cf56972954ef9b3da144da60c1ab53007a6ce4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:17:31 +0100 Subject: [PATCH 109/140] Update nginx.conf vary on --- install/rhel/6/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/6/nginx/nginx.conf b/install/rhel/6/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/6/nginx/nginx.conf +++ b/install/rhel/6/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 812e001723fb1b62537d0b47daf3203f1f16c5e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:18:06 +0100 Subject: [PATCH 110/140] Update nginx.conf vary on --- install/rhel/5/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/rhel/5/nginx/nginx.conf b/install/rhel/5/nginx/nginx.conf index e0575030..0a37ebbc 100644 --- a/install/rhel/5/nginx/nginx.conf +++ b/install/rhel/5/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 4073325014f92dc1c34a43f5f36d5d0235eb29df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:20:21 +0100 Subject: [PATCH 111/140] Update nginx.conf vary on --- install/ubuntu/12.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/12.04/nginx/nginx.conf b/install/ubuntu/12.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.04/nginx/nginx.conf +++ b/install/ubuntu/12.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 151f82e51958ff3941d4c32209c7a2e3264eb599 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:21:12 +0100 Subject: [PATCH 112/140] Update nginx.conf vary on --- install/ubuntu/18.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf index 790aee49..dc2cf1dd 100644 --- a/install/ubuntu/18.04/nginx/nginx.conf +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_static on; gzip_vary on; gzip_comp_level 6; From 61c439554e404fa124dc577c53649bb960e8b24e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:21:38 +0100 Subject: [PATCH 113/140] Update nginx.conf vary on --- install/ubuntu/17.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/17.10/nginx/nginx.conf b/install/ubuntu/17.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/17.10/nginx/nginx.conf +++ b/install/ubuntu/17.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 433166a4776b25d4469316cce98f64452650b73d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:22:32 +0100 Subject: [PATCH 114/140] Update nginx.conf vary on --- install/ubuntu/17.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/17.04/nginx/nginx.conf b/install/ubuntu/17.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/17.04/nginx/nginx.conf +++ b/install/ubuntu/17.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 46b7d8438fc3e477821c5004670c1918dab274ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:06 +0100 Subject: [PATCH 115/140] Update nginx.conf vary on --- install/ubuntu/12.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/12.10/nginx/nginx.conf b/install/ubuntu/12.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/12.10/nginx/nginx.conf +++ b/install/ubuntu/12.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From ef422f62f643b5212fc1543de82a407f95c65e5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:19 +0100 Subject: [PATCH 116/140] Update nginx.conf vary on --- install/ubuntu/13.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/13.04/nginx/nginx.conf b/install/ubuntu/13.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.04/nginx/nginx.conf +++ b/install/ubuntu/13.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From ccc4e5a2626607e09d84a99e7c5bec11c9e6d337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:23:45 +0100 Subject: [PATCH 117/140] Update nginx.conf vary on --- install/ubuntu/13.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/13.10/nginx/nginx.conf b/install/ubuntu/13.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/13.10/nginx/nginx.conf +++ b/install/ubuntu/13.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 936b225b30382444ff45dd941597fa9ef570f76e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:02 +0100 Subject: [PATCH 118/140] Update nginx.conf vary on --- install/ubuntu/16.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/16.10/nginx/nginx.conf b/install/ubuntu/16.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.10/nginx/nginx.conf +++ b/install/ubuntu/16.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From d6e0b4e18f39a8169df8ffe83db0b3541e888cc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:17 +0100 Subject: [PATCH 119/140] Update nginx.conf vary on --- install/ubuntu/16.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/16.04/nginx/nginx.conf b/install/ubuntu/16.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/16.04/nginx/nginx.conf +++ b/install/ubuntu/16.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 0f1fb8aa43f3cf5c6947a0e9ceacf866f40a797d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:25 +0100 Subject: [PATCH 120/140] Update nginx.conf --- install/ubuntu/15.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/15.10/nginx/nginx.conf b/install/ubuntu/15.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.10/nginx/nginx.conf +++ b/install/ubuntu/15.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 13d713ecc817e6a894609e25d26500532cb56fa4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:42 +0100 Subject: [PATCH 121/140] Update nginx.conf --- install/ubuntu/15.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/15.04/nginx/nginx.conf b/install/ubuntu/15.04/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/15.04/nginx/nginx.conf +++ b/install/ubuntu/15.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From c82e50056d6f807a1f0056449b8f40c95e132c3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:24:58 +0100 Subject: [PATCH 122/140] Update nginx.conf vary on --- install/ubuntu/14.10/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/14.10/nginx/nginx.conf b/install/ubuntu/14.10/nginx/nginx.conf index e7256de7..6bc999f9 100644 --- a/install/ubuntu/14.10/nginx/nginx.conf +++ b/install/ubuntu/14.10/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From e67297010370a1a006815f18ea3a6a7e0ef86d96 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luka=20Paunovi=C4=87?= Date: Wed, 14 Nov 2018 00:25:12 +0100 Subject: [PATCH 123/140] Update nginx.conf vary on --- install/ubuntu/14.04/nginx/nginx.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/install/ubuntu/14.04/nginx/nginx.conf b/install/ubuntu/14.04/nginx/nginx.conf index 1932d171..c44ab650 100644 --- a/install/ubuntu/14.04/nginx/nginx.conf +++ b/install/ubuntu/14.04/nginx/nginx.conf @@ -50,6 +50,7 @@ http { # Compression gzip on; + gzip_vary on; gzip_comp_level 9; gzip_min_length 512; gzip_buffers 8 64k; From 0437c4ac3ee2056f2ed2fdfd10a6e6693b292699 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Wed, 14 Nov 2018 17:53:48 +0200 Subject: [PATCH 124/140] fix backup exlustions for files --- bin/v-backup-user | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index f9569aa4..0c9e7c1b 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -216,6 +216,9 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then cp $USER_DATA/ssl/$domain.* vesta/ fi + # Changin dir to documentroot + cd $HOMEDIR/$user/web/$domain + # Define exclude arguments exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") set -f @@ -224,15 +227,21 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" for xpath in $xdirs; do - fargs+=(--exclude=$xpath/*) - echo "$(date "+%F %T") excluding directory $xpath" - msg="$msg\n$(date "+%F %T") excluding directory $xpath" + for xpath in $xdirs; do + if [ -d "$xpath" ]; then + fargs+=(--exclude=$xpath/*) + echo "$(date "+%F %T") excluding directory $xpath" + msg="$msg\n$(date "+%F %T") excluding directory $xpath" + else + echo "$(date "+%F %T") excluding file $xpath" + msg="$msg\n$(date "+%F %T") excluding file $xpath" + fargs+=(--exclude=$xpath) + fi done fi set +f # Backup files - cd $HOMEDIR/$user/web/$domain tar -cpf- * ${fargs[@]} |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done From 00bc162fe6d1d5c5d0cbc336124bc1521299316a Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 20 Nov 2018 11:20:21 +0200 Subject: [PATCH 125/140] removed duplicate loop --- bin/v-backup-user | 1 - 1 file changed, 1 deletion(-) diff --git a/bin/v-backup-user b/bin/v-backup-user index 0c9e7c1b..4ecc66aa 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -226,7 +226,6 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then fargs+=(--exclude='logs/*') if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" - for xpath in $xdirs; do for xpath in $xdirs; do if [ -d "$xpath" ]; then fargs+=(--exclude=$xpath/*) From aa83fa85f8ae28723ad64074e1aa1a0ba9fefc4d Mon Sep 17 00:00:00 2001 From: "Made I.T" Date: Thu, 22 Nov 2018 10:19:23 +0100 Subject: [PATCH 126/140] Fix quotes in cronjob CMD --- web/edit/cron/index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php index c66ca85c..3d8e9922 100644 --- a/web/edit/cron/index.php +++ b/web/edit/cron/index.php @@ -23,7 +23,7 @@ $v_job = escapeshellarg($_GET['job']); exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var); check_return_code($return_var,$output); -$data = json_decode(implode('', str_replace("\\", "\\\\", $output)), true); +$data = json_decode(implode('', $output), true); unset($output); // Parse cron job From c5ba8b5b652010b75541f9f1d4e258c0f6264b89 Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Sat, 24 Nov 2018 22:43:21 +0200 Subject: [PATCH 127/140] Update v-update-user-counters --- bin/v-update-user-counters | 2 -- 1 file changed, 2 deletions(-) diff --git a/bin/v-update-user-counters b/bin/v-update-user-counters index 50b903bd..b0f94430 100755 --- a/bin/v-update-user-counters +++ b/bin/v-update-user-counters @@ -53,8 +53,6 @@ for user in $user_list; do IP_OWNED=0 U_USERS=0 U_DISK=0 - ##supose fix to #1526 i cannot see any diference, but on debian it apears that there is an diference. - ## maybe because the system has tis var exported? (DISK) DISK=0 U_DISK_DIRS=$(get_user_value '$U_DISK_DIRS') if [ -z "$U_DISK_DIRS" ]; then From 6b590a6c9363b13dd0c89e591d65d12baae9b14c Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 27 Nov 2018 15:30:59 +0200 Subject: [PATCH 128/140] New version of Softaculous: 5.1.2 --- src/deb/softaculous/control | 2 +- src/rpm/specs/vesta-softaculous.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/deb/softaculous/control b/src/deb/softaculous/control index c5c9eb67..f47048a6 100644 --- a/src/deb/softaculous/control +++ b/src/deb/softaculous/control @@ -1,7 +1,7 @@ Source: vesta-softaculous Package: vesta-softaculous Priority: optional -Version: 0.9.8-23 +Version: 0.9.8-24 Section: admin Maintainer: Serghey Rodin Homepage: https://www.softaculous.com diff --git a/src/rpm/specs/vesta-softaculous.spec b/src/rpm/specs/vesta-softaculous.spec index ece330e8..86baeb29 100644 --- a/src/rpm/specs/vesta-softaculous.spec +++ b/src/rpm/specs/vesta-softaculous.spec @@ -1,6 +1,6 @@ Name: vesta-softaculous Version: 0.9.8 -Release: 23 +Release: 24 Summary: Vesta Control Panel Group: System Environment/Base License: Softaculous License @@ -35,5 +35,8 @@ rm -rf %{buildroot} %config(noreplace) %{_vestadir}/conf %changelog +* Tue Nov 27 2018 Serghey Rodin - 0.9.8-24 +- New version 5.1.2 + * Mon Jul 21 2017 Serghey Rodin - 0.9.8-18 - Initial build for Softaculous 4.9.2 From 59695acd10ce63740bcf274a13569230362e06c5 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Thu, 29 Nov 2018 13:40:15 +0200 Subject: [PATCH 129/140] universe repository check --- install/vst-install-ubuntu.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index 4cc5ee86..e1ca1044 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -447,6 +447,13 @@ fi apt-get -y upgrade check_result $? 'apt-get upgrade failed' +# Checking universe repository +if [[ ${release:0:2} -gt 16 ]]; then + if [ -z "$(grep universe /etc/apt/sources.list)" ]; then + add-apt-repository -y universe + fi +fi + # Installing nginx repo apt=/etc/apt/sources.list.d echo "deb http://nginx.org/packages/mainline/ubuntu/ $codename nginx" \ From 2a8188a207cdf7f37290938ed7cbb83abf82e13f Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Fri, 30 Nov 2018 00:44:32 +0200 Subject: [PATCH 130/140] Create az.php Azerbaijani language support --- web/inc/i18n/az.php | 726 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 726 insertions(+) create mode 100644 web/inc/i18n/az.php diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php new file mode 100644 index 00000000..de5a0352 --- /dev/null +++ b/web/inc/i18n/az.php @@ -0,0 +1,726 @@ + 'Paketlər', + 'IP' => 'IP', + 'Graphs' => 'Qrafiklər', + 'Statistics' => 'Statistikalar', + 'Log' => 'Log', + 'Server' => 'Server', + 'Services' => 'Servislər', + 'Firewall' => 'Firewall', + 'Updates' => 'Yeniləmələr', + 'Log in' => 'Hesab yarat', + 'Log out' => 'Çıxış', + 'USER' => 'İstifadəsi', + 'WEB' => 'Veb', + 'DNS' => 'DNS', + 'MAIL' => 'Poçt', + 'DB' => 'DB', + 'CRON' => 'CRON', + 'BACKUP' => 'NÜSXƏ', + 'LOGIN' => 'Giriş', + 'RESET PASSWORD' => 'Şifrəni sıfırlamaq', + 'SEARCH' => 'Axtar', + 'PACKAGE' => 'Paket', + 'RRD' => 'RRD', + 'STATS' => 'STATS', + 'LOG' => 'LOG', + 'UPDATES' => 'Yenilənmələr', + 'FIREWALL' => 'Firewall', + 'SERVER' => 'Server', + 'MEMORY' => 'Yaddaş', + 'DISK' => 'Disk', + 'NETWORK' => 'Şəbəkə', + 'Web Log Manager' => 'Veb loq menecer', + 'no notifications' => 'bildiriş yoxdur', + 'Add User' => 'İstifadəçi əlavə edin', + 'Add Domain' => 'Domen əlavə edin', + 'Add Web Domain' => 'Domen əlavə edin', + 'Add DNS Domain' => 'DNS domeni əlavə edin', + 'Add DNS Record' => 'DNS qeydləri əlavə edin', + 'Add Mail Domain' => 'E-poçt domeni əlavə edin', + 'Add Mail Account' => 'E-poçt hesabı əlavə edin', + 'Add Database' => 'Verilənlər bazası əlavə edin', + 'Add Cron Job' => 'Cron əlavə et', + 'Create Backup' => 'Nüsxə yarat', + 'Configure' => 'Konfiqurasiya', + 'Restore All' => 'Hamısını bərpa edin', + 'Add Package' => 'Paket əlavə edin', + 'Add IP' => 'IP əlavə edin', + 'Add Rule' => 'Qayda əlavə edin', + 'Ban IP Address' => 'IP ünvanını ban edin', + 'Search' => 'Axtar', + 'Add one more FTP Account' => 'FTP hesabı əlavə edin', + 'Overall Statistics' => 'Bütün statistikalar', + 'Daily' => 'Günlük', + 'Weekly' => 'Həftəlik', + 'Monthly' => 'Aylıq', + 'Yearly' => 'İllik', + 'Add' => 'Əlavə edin', + 'Back' => 'Ləğv edin', + 'Save' => 'Yadda saxla', + 'Submit' => 'Göndər', + 'toggle all' => 'Hamısını seç', + 'apply to selected' => 'Seçimi tətbiq edin', + 'rebuild' => 'Yenidən yarat', + 'rebuild web' => "Veb-in yenidən qurulması", + 'rebuild dns' => "DNS-in yenidən qurulması", + 'rebuild mail' => "E-poçt-un yenidən qurulması", + 'rebuild db' => "DB-nin yenidən qurulması", + 'rebuild cron' => "Cron-nun yenidən qurulması", + 'update counters' => 'Yeniləmə sayğacları', + 'suspend' => 'Dayandırın', + 'unsuspend' => 'Davam etdirin', + 'delete' => 'Sil', + 'show per user' => 'istifadəçiyə görə göstər', + 'login as' => 'GİRİŞ ET:', + 'logout' => 'Çıxış et', + 'edit' => 'redaktə et', + 'open webstats' => 'webstats aç', + 'view logs' => 'logları göstər', + 'list records' => '%s siyahı qeydiyyatı', + 'add record' => 'qeyd əlavə edin', + 'list accounts' => '%s hesabı sıyahıya alın', + 'add account' => 'hesap əlavə edin', + 'open webmail' => 'Vebpoçtu aç', + 'list fail2ban' => 'fail2ban siyahı alın', + 'open %s' => '%s aç', + 'download' => 'yüklə', + 'restore' => 'bərpa edin', + 'configure restore settings' => 'bərpa ayarlarını quraşdırın', + 'stop' => 'dayandırın', + 'start' => 'başlat', + 'restart' => 'yenidən başlat', + 'update' => 'yenilə', + 'generate' => 'yarat', + 'Generate CSR' => 'CSR yarat', + 'reread IP' => 'IP-ni yenidən oxu', + 'enable autoupdate' => 'AVTOMATIK YENİLƏNMƏNİ AKTİVLƏŞDİR', + 'disable autoupdate' => 'AVTOMATİK YENİLƏNMƏNİ SÖNDÜR', + 'turn on notifications' => 'xəbərdarlıqları açın', + 'turn off notifications' => 'xəbərdarlıqları bağlayın', + 'configure' => 'ayalar', + 'Adding User' => 'İstifadəçi əlavə edin', + 'Editing User' => 'İstifadəçi redaktə edin', + 'Adding Domain' => 'Domen əlavə edin', + 'Editing Domain' => 'Domen redaktə edin', + 'Adding DNS Domain' => 'DNS domeni əlavə edin', + 'Editing DNS Domain' => 'DNS domeni redaktə edin', + 'Adding DNS Record' => 'DNS qeyd əlavə edin', + 'Editing DNS Record' => 'DNS qeydi redaktə edin', + 'Adding Mail Domain' => 'E-poçt domen əlavə edin', + 'Editing Mail Domain' => 'E-poçt domen redaktə edin', + 'Adding Mail Account' => 'E-poçt əlavə edin', + 'Editing Mail Account' => 'E-poçt hesabını redaktə edin', + 'Adding database' => 'Verilənlər bazası əlavə edin', + 'Editing Cron Job' => 'Cron-u redaktə et', + 'Adding Cron Job' => 'Cron əlavə etmək', + 'Editing Database' => 'Verilənlər bazasını redaktə edin', + 'Adding Package' => 'Paket əlavə edin', + 'Editing Package' => 'Paketi redaktə edin', + 'Adding IP address' => 'IP ünvanı əlavə edin', + 'Editing IP Address' => 'IP ünvamını redaktə edin', + 'Editing Backup Exclusions' => 'Nüsxələmə istisnalarını redaktə edin', + 'Generating CSR' => 'CSR yaratma', + 'Listing' => 'Siyahılama', + 'Search Results' => 'Axtarış nəticələri', + 'Adding Firewall Rule' => 'Təhlükəsizlik divarı qaydası əlavə edin', + 'Editing Firewall Rule' => 'Təhlükəsizlik divarı qaydasını redaktə edin', + 'Adding IP Address to Banlist' => 'Ban siyahısına IP ünvanı əlavə edin', + 'active' => 'aktiv', + 'spnd' => 'söndürülmüş', + 'suspended' => 'söndürülmüş', + 'running' => 'işləyir', + 'stopped' => 'dayandı', + 'outdated' => 'köhnəlmiş', + 'updated' => 'yenilənmiş', + 'yes' => 'bəli', + 'no' => 'xeyir', + 'none' => 'heç biri', + 'pb' => 'pb', + 'tb' => 'tb', + 'gb' => 'gb', + 'mb' => 'mb', + 'minute' => 'dəqiqə', + 'hour' => 'saat', + 'day' => 'gün', + 'days' => 'günlər', + 'hours' => 'saat', + 'minutes' => 'dəqiqə', + 'month' => 'ay', + 'package' => 'paket', + 'Bandwidth' => 'Traffik', + 'Disk' => 'Disk', + 'Web' => 'Veb', + 'Mail' => 'E-poçt', + 'Databases' => 'Verilənlər bazası', + 'User Directories' => 'İstifadəçi qovluqları', + 'Template' => 'Şablon', + 'Web Template' => 'Veb Şablonu', + 'Backend Template' => 'Backend şablonu', + 'Proxy Template' =>'Proxy şablonu', + 'DNS Template' => 'DNS şablonu', + 'Web Domains' => 'Veb domenləri', + 'SSL Domains' => 'SSL domenləri', + 'Web Aliases' => 'Veb aliasları', + 'per domain' => 'domen başına', + 'DNS Domains' => 'DNS domen adları', + 'DNS domains' => 'DNS domen adları', + 'DNS records' => 'DNS qeydləri', + 'Name Servers' => 'Neymserverlər', + 'Mail Domains' => 'E-poçt domenləri', + 'Mail Accounts' => 'E-poçt hesabları', + 'Cron Jobs' => 'Cron-lar', + 'SSH Access' => 'SSH giriş', + 'IP Address' => 'IP ünvan', + 'IP Addresses' => 'IP ünvanları', + 'Backups' => 'Nüsxələr', + 'Backup System' => 'Nüsxələmə sistemi', + 'backup exclusions' => 'NÜSXƏLƏMƏ İSTİSNALARI', + 'template' => 'şablon', + 'SSL Support' => 'SSL dəstək', + 'SSL Home Directory' => 'SSL Ana qovluğu', + 'Lets Encrypt Support' => 'Lets Encrypt dəstəyi', + 'Lets Encrypt' => 'Şifrələ', + 'Your certificate will be automatically issued in 5 minutes' => 'Sənədiniz avtomatik olaraq 5 dəqiqə ərzində veriləcək', + 'Proxy Support' => 'Proxy dəstəyi', + 'Proxy Extensions' => 'Proxy əlavələri', + 'Web Statistics' => 'Veb statistikaları', + 'Additional FTP Account' => 'Əlavə FTP hesabı', + 'Path' => 'Path', + 'SOA' => 'SOA', + 'TTL' => 'TTL', + 'Expire' => 'Sona çatdırın', + 'Records' => 'Qeydlər', + 'Serial' => 'Seriya', + 'Catchall email' => 'Catchall e-poçt', + 'AntiVirus Support' => 'AntiVirus dəstəyi', + 'AntiSpam Support' => 'AntiSpam dəstəyi', + 'DKIM Support' => 'DKIM dəstəyi', + 'Accounts' => 'Hesablar', + 'Quota' => 'Norma', + 'Autoreply' => 'Avtomatik cavab', + 'Forward to' => 'Buraya yönləndir', + 'Do not store forwarded mail' => 'Göndərilən poçtu saxlamayın', + 'IMAP hostname' => 'IMAP hostname', + 'IMAP port' => 'IMAP port', + 'IMAP security' => 'IMAP təhlükəsizlik', + 'IMAP auth method' => 'IMAP auth metodu', + 'SMTP hostname' => 'SMTP hostname', + 'SMTP port' => 'SMTP port', + 'SMTP security' => 'SMTP təhlükəsizlik', + 'SMTP auth method' => 'SMTP auth metodu', + 'STARTTLS' => 'STARTTLS', + 'Normal password' => 'Normal şifrə', + 'database' => 'verilənələr bazası', + 'User' => 'İstifadəçi', + 'Host' => 'Host', + 'Charset' => 'Kodlaşdırma', + 'Min' => 'Dəq', + 'Hour' => 'Saat', + 'Day' => 'Gün', + 'Month' => 'Ay', + 'Day of week' => 'Həftənin günü', + 'local' => 'yerli', + 'Run Time' => 'İşləmə müddəti', + 'Backup Size' => 'Nüsxə ölçüsü', + 'SYS' => 'SYS', + 'Domains' => 'Domenlər', + 'Status' => 'Status', + 'shared' => 'paylaşılan', + 'dedicated' => 'həsr olunan', + 'Owner' => 'Sahib', + 'Users' => 'İstifadəçilər', + 'Load Average' => 'Sistem yükü', + 'Memory Usage' => 'Yaddaşın istifadəsi', + 'APACHE2 Usage' => 'APACHE2 istifadəsi', + 'HTTPD Usage' => 'HTTPD istifadəsi', + 'NGINX Usage' => 'NGINX istifadəsi', + 'MySQL Usage on localhost' => 'Localhost üzərindəki MySQL istifadəsi', + 'PostgreSQL Usage on localhost' => 'Localhost üzərindəki PostgreSQL istifadəsi', + 'Bandwidth Usage eth0' => 'eth0 traffik istifadəsi', + 'Bandwidth Usage eth1' => 'eth1 traffik istifadəsi', + 'Exim Usage' => 'Exim istifadəsi', + 'FTP Usage' => 'FTP istifadəsi', + 'SSH Usage' => 'SSH istifadəsi', + 'reverse proxy' => 'geri proksi', + 'web server' => 'veb server', + 'dns server' => 'dns server', + 'mail server' => 'e-poçt serve', + 'pop/imap server' => 'pop/imap server', + 'email antivirus' => 'e-poçt antivirus', + 'email antispam' => 'e-poçt antispam', + 'database server' => 'database server', + 'ftp server' => 'ftp server', + 'job scheduler' => 'job planlaşdırma', + 'firewall' => 'firewall', + 'brute-force monitor' => 'brute-force monitor', + 'CPU' => 'CPU', + 'Memory' => 'Yaddaş', + 'Uptime' => 'Uptime', + 'core package' => 'əsas paket', + 'php interpreter' => 'php tərcüməçi', + 'internal web server' => 'daxili veb server', + 'Version' => 'Versiya', + 'Release' => 'Buraxın', + 'Architecture' => 'Memarlıq', + 'Object' => 'Obyekt', + 'Username' => 'İstifadəçi adı', + 'Password' => 'Şifrə', + 'Email' => 'E-poçt', + 'Package' => 'Paket', + 'Language' => 'Dil', + 'First Name' => 'Ad', + 'Last Name' => 'Soyad', + 'Send login credentials to email address' => 'Giriş məlumatlarını ünvanlarını e-poçt ünvanına göndərin', + 'Default Template' => 'Default şablon', + 'Default Name Servers' => 'Default neymserver', + 'Domain' => 'Domen', + 'DNS Support' => 'DNS dəstəyi', + 'Mail Support' => 'E-poçt dəstəyi', + 'Advanced options' => 'TƏKMİLLƏŞMİŞ SEÇİMLƏR', + 'Basic options' => 'Əsas seçimlər', + 'Aliases' => 'Ləqəblər (Alias)', + 'SSL Certificate' => 'SSL sertifikatı', + 'SSL Key' => 'SSL açarı (Key)', + 'SSL Certificate Authority / Intermediate' => 'SSL sertifikat eyniləşdirməsi / köməkçi)', + 'SSL CSR' => 'SSL CSR', + 'optional' => 'istəyə bağlı', + 'internal' => 'daxili', + 'Statistics Authorization' => 'Statistikanın avtorizasiyası', + 'Statistics Auth' => 'Statistika eyniləşdirməsi', + 'Account' => 'Hesab', + 'Prefix will be automaticaly added to username' => 'Prefiks avtomatik olaraq istifadəçi adına əlavə olunacaq', + 'Send FTP credentials to email' => 'FTP məlumatlarını e-poçt ile göndər', + 'Expiration Date' => 'Bitmə tarixi', + 'YYYY-MM-DD' => 'YYYY-AA-GG', + 'Name servers' => 'Neymserverlər', + 'Record' => 'Qeydiyyat', + 'IP or Value' => 'IP və ya qiymət', + 'Priority' => 'Prioritet', + 'Record Number' => 'Qeydiyyat sayı', + 'in megabytes' => 'megabayt olaraq', + 'Message' => 'Mesaj', + 'use local-part' => 'local-part istifadə et', + 'one or more email addresses' => 'bir və ya daha çox e-poçt ünvanı', + 'Prefix will be automaticaly added to database name and database user' => 'Prefiks avtomatik olaraq verilənlər bazası adı və verilənlər bazası istifadəçisinə əlavə olunacaq', + 'Database' => 'Verilənlər bazası', + 'Type' => 'Tip', + 'Minute' => 'Dəqiqə', + 'Command' => 'Əmr', + 'Package Name' => 'Paket adı', + 'Netmask' => 'Netmask', + 'Interface' => 'İnterfeys', + 'Shared' => 'Paylaşılan', + 'Assigned user' => 'Təyin edilən istifadəçi', + 'Assigned domain' => 'Təyin edilən domen', + 'NAT IP association' => 'NAT IP assosiasiyası', + 'shell' => 'shell', + 'web domains' => 'Veb domenləri', + 'web aliases' => 'veb ləqəblər', + 'dns records' => 'dns qeydləri', + 'mail domains' => 'mail domenləri', + 'mail accounts' => 'mail hesabları', + 'accounts' => 'hesablar', + 'databases' => 'verilənlər bazası', + 'cron jobs' => 'Cron tapşırıqları', + 'backups' => 'nüsxələr', + 'quota' => 'kvota', + 'day of week' => 'həftənin günü', + 'cmd' => 'cmd', + 'users' => 'istifadəçilər', + 'domains' => 'domenlər', + 'aliases' => 'aliases', + 'records' => 'qeydlər', + 'jobs' => 'işlər', + 'username' => 'istifadəçi adı', + 'password' => 'şifrə', + 'type' => 'tip', + 'charset' => 'kodlaşdırma', + 'domain' => 'domen', + 'ip' => 'ip', + 'ip address' => 'ip ünvanı', + 'IP address' => 'IP ünvanı', + 'netmask' => 'netmask', + 'interface' => 'interfeys', + 'assigned user' => 'təyin edilən istifadəçi', + 'ns1' => 'ns1', + 'ns2' => 'ns2', + 'user' => 'istifadəçi', + 'email' => 'e-poçt', + 'first name' => 'ad', + 'last name' => 'soyad', + 'account' => 'hesab', + 'ssl certificate' => 'ssl sertifikatı', + 'ssl key' => 'ssl açarı (key)', + 'stats user password' => 'statistik istifadəçi sifrəsi', + 'stats username' => 'statistik istifadəçi adı', + 'stats password' => 'statistik şifrəsi', + 'ftp user password' => 'ftp istifadəçi şifrəsi', + 'ftp user' => 'ftp istifadəçisi', + 'Last 70 lines of %s.%s.log' => '%s.%s.log faylının son 70 sətri', + 'AccessLog' => 'AccessLog', + 'ErrorLog' => 'ErrorLog', + 'Download AccessLog' => 'AccessLog yüklə', + 'Download ErrorLog' => 'ErrorLog yüklə', + 'Country' => 'Ölkə', + '2 letter code' => '2 hərf kodu', + 'State / Province' => 'Dövlət / Əyalət', + 'City / Locality' => 'Şəhər / Yerləşmə', + 'Organization' => 'Orqanizasiya', + 'Action' => 'Fəaliyyət', + 'Protocol' => 'Protokol', + 'Port' => 'Port', + 'Comment' => 'Rəy', + 'Banlist' => 'Ban siyahısı', + 'ranges are acceptable' => 'qəbul edilə bilən aralıqlar', + 'CIDR format is supported' => 'CIDR versiyasını dəstəkləyir', + 'ACCEPT' => 'ACCEPT', + 'DROP' => 'DROP', + 'TCP' => 'TCP', + 'UDP' => 'UDP', + 'ICMP' => 'ICMP', + 'SSH' => 'SSH', + 'FTP' => 'FTP', + 'VESTA' => 'VESTA', + 'Add one more Name Server' => 'Neymserver əlavə edin', + 'web domain' => 'veb domen', + 'dns domain' => 'dns domen', + 'dns record' => 'dns qeyd', + 'mail domain' => 'mail domen', + 'mail account' => 'mail hesabı', + 'cron job' => 'cron işi', + 'cron' => 'cron', + 'user dir' => 'istifadəçidir', + 'unlimited' => 'limitsiz', + '1 account' => '1 hesab', + '%s accounts' => '%s hesab', + '1 domain' => '1 alan adı', + '%s domains' => '%s alan adı', + '1 record' => '1 kayıt', + '%s records' => '%s kayıt', + '1 mail account' => '1 mail hesabı', + '%s mail accounts' => '%s mail hesabı', + '1 database' => '1 verilənlər bazası', + '%s databases' => '%s verilənlər bazası', + '1 cron job' => '1 zamanlanmış tapşırıq', + '%s cron jobs' => '%s zamanlanmış tapşırıq', + '1 archive' => '1 arxiv', + '%s archives' => '%s arxiv', + '1 item' => '1 maddə', + '%s items' => '%s maddələr', + '1 package' => '1 paket', + '%s packages' => '%s paket', + '1 IP address' => '1 IP ünvanı', + '%s IP addresses' => '%s IP ünvanı', + '1 month' => '1 ay', + '%s months' => '%s ay', + '1 log record' => '1 log qeydi', + '%s log records' => '%s log qeydi', + '1 object' => '1 obyekt', + '%s objects' => '%s obyekt', + 'no exclusions' => 'istisna yoxdur', + '1 rule' => '1 qayda', + '%s rules' => '%s qayda', + 'There are no currently banned IP' => 'Hazırda ban edilmiş İP yoxdur', + 'USER_CREATED_OK' => '%s istifadəşisi uğurla yaradıldı.', + 'WEB_DOMAIN_CREATED_OK' => '%s domen uğurla yaradıldı.', + 'DNS_DOMAIN_CREATED_OK' => '%s DNS domen uğurla yaradıldı.', + 'DNS_RECORD_CREATED_OK' => '%s.%s qeydi uğurla yaradıldı.', + 'MAIL_DOMAIN_CREATED_OK' => '%s əsas domen uğurla yaradıldı', + 'MAIL_ACCOUNT_CREATED_OK' => '%s@%s e-poçt hesabı uğurla yaradıldı', + 'DATABASE_CREATED_OK' => '%s verilənlər bazası uğurla yaradıldı.', + 'CRON_CREATED_OK' => 'Zamanlanmış tapşırıq uğurla yaradıldı.', + 'IP_CREATED_OK' => '%s ip ünvanı uğurla yaradıldı.', + 'PACKAGE_CREATED_OK' => '%s paketi uğurla yaradıldı.', + 'SSL_GENERATED_OK' => 'Sertifikart uğurla yaradıldı.', + 'RULE_CREATED_OK' => 'Qayda uğurla yaradıldı.', + 'BANLIST_CREATED_OK' => 'IP ünvan müvəffəqiyyətlə qadağan edildi', + 'Autoupdate has been successfully enabled' => 'Avtomatik yenilənmə uğurla aktivləşdirildi', + 'Autoupdate has been successfully disabled' => 'Avtomatik yenilənmə uğurla söndürüldü', + 'Cronjob email reporting has been successfully enabled' => 'Zamanlanmış tapşırıq e-poçt hesabatı uğurla aktivləşdirildi', + 'Cronjob email reporting has been successfully disabled' => 'Zamanlanmış tapşırıq e-poçt hesabatı uğurla dayandırıldı', + 'Changes has been saved.' => 'Dəyişikliklər yadda saxlanıldı.', + 'Confirmation' => 'Təsdiqləmə', + 'DELETE_USER_CONFIRMATION' => '%s istifadəçisini silmək istədiyinizə əminsinizmi?', + 'SUSPEND_USER_CONFIRMATION' => '%s istifadəçisini qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_USER_CONFIRMATION' => '%s istifadəçisini davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_DOMAIN_CONFIRMATION' => '%s domeni silmək istədiyinizə əminsinizmi?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '%s domeni qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '%s domeni davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_RECORD_CONFIRMATION' => '%s qeydi silmək istədiyinizə əminsinizmi?', + 'SUSPEND_RECORD_CONFIRMATION' => '%s qeydi qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '%s qeydi davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '%s hesabını davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_DATABASE_CONFIRMATION' => '%s verilənlər bazasını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_DATABASE_CONFIRMATION' => '%s verilənlər bazasını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '%s verilənlər bazasını davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı silmək istədiyinizə əminsinizmi?', + 'SUSPEND_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_CRON_CONFIRMATION' => 'Zamanlanmış tapşırığı davam etdirmək istədiyinizə əminsinizmi?', + 'DELETE_BACKUP_CONFIRMATION' => '%s nüsxəsini silmək istədiyinizə əminsinizmi?', + 'DELETE_EXCLUSION_CONFIRMATION' => '%s nüsxələmə qaydasını silmək istədiyinizə əminsinizmi?', + 'DELETE_PACKAGE_CONFIRMATION' => '%s paketini silmək istədiyinizə əminsinizmi?', + 'DELETE_IP_CONFIRMATION' => '%s IP ünvanı silmək istədiyinizə əminsinizmi?', + 'DELETE_RULE_CONFIRMATION' => '#%s qaydasını silmək istədiyinizə əminsinizmi?', + 'SUSPEND_RULE_CONFIRMATION' => '#%s qaydasını qapatmaq istədiyinizə əminsinizmi?', + 'UNSUSPEND_RULE_CONFIRMATION' => '#%s qaydasını davam etdirmək istədiyinizə əminsinizmi?', + 'LEAVE_PAGE_CONFIRMATION' => 'Səhifəni tərk edirsiniz?', + 'RESTART_CONFIRMATION' => '%s yenidən başladılacaq.əstiqləyirsiniz?', + 'Welcome' => 'XOŞ GƏLDİNİZ', + 'LOGGED_IN_AS' => '%s istifadəçisi olaraq daxil oldunuz', + 'Error' => 'Xəta', + 'Invalid username or password' => 'Doğru olmayan istifadəçi adı və ya şifrə', + 'Invalid username or code' => 'Doğru olmayan istifadəçi adı və ya kod', + 'Passwords not match' => 'Şifrələr uyğun deyil', + 'Please enter valid email address.' => 'Lütfən doğru e-poçt ünvanı daxil edin.', + 'Field "%s" can not be blank.' => '"%s" sahəni boş saxlaya bilməzsiniz.', + 'Password is too short.' => 'Şifrə çox qısadır (minimum 6 simvol)', + 'Error code:' => 'Xəta kodu: %s', + 'SERVICE_ACTION_FAILED' => '"%s" "%s" uğursuz oldu', + 'IP address is in use' => 'IP ünvanı istifadədədir', + 'BACKUP_SCHEDULED' => 'Tapşırıq uğurla əlavə edildi. Nüsxə yüklənildiyi zaman xəbərdarlıq e-poçtu alacaqsınız.', + 'BACKUP_EXISTS' => 'Artıq nüsxələmə əməliyyatı davam edir. Yenidən yaratmaq üçün bunun bitməsini gözləyin.', + 'RESTORE_SCHEDULED' => 'Tapşırıq sıraya əlavə edildi. Nüsxə yüklənildiyi zaman xəbərdarlıq e-poçtu alacaqsınız.', + 'RESTORE_EXISTS' => 'Artıq restovrasiya əməliyyatı davam edir. Bunu işlətmək üçün lütfən əvvəlki əməliyyatın bitməsiniz gözləyin.', + 'WEB_EXCLUSIONS' => 'Hər sətrə bir domen əlavə yazın. Bütün domenlər xaric etmək üçün * istifadə edin. Xüsusi qovluq üçün bu formatda yazın: domain.com:public_html/cache:public_html/tmp', + 'DNS_EXCLUSIONS' => 'Hər sətrə bi domen əlavə edin. Bütün domenləri xaric etmək üçün * istifadə edin', + 'MAIL_EXCLUSIONS' => 'Hər sətrə bi domen əlavə edin. Bütün domenləri xaric etmək üçün * istifadə edin. Xüsusi hesab təyin etmək üçün bu formatda yazın: domain.com:info:destek:postmaster', + 'DB_EXCLUSIONS' => 'Hər sətrə bir verilənlər bazası əlavə edin. Hamısı üçün * istifadə edin. ', + 'CRON_EXCLUSIONS' => 'Bütün zamanlanmış tapşırıqları xaric etmək üçün * istifadə edin', + 'USER_EXCLUSIONS' => 'Hər sətrə bir qovluq əlavə edin. Bütün versiyaları xaric etmək üçün * istifadə edin', + 'Welcome to Vesta Control Panel' => 'Vesta nəzarət panelinə xoş gəldiniz', + 'MAIL_FROM' => 'Vesta Nəzarət Paneli ', + 'GREETINGS_GORDON_FREEMAN' => "Hər vaxtınız xeyir, %s %s,\n", + 'GREETINGS' => "Hər vaxtınız xeyir,\n", + 'ACCOUNT_READY' => "Hesabınız uğurla yaradıldı və istifadəyə hazırdır.\n\nhttps://%s/login/\nİstifadəçi adı: %s\nŞifrə: %s\n\n--\nVesta Nəzarət Paneli\n", + 'FTP login credentials' => 'FTP giriş məlumatları', + 'FTP_ACCOUNT_READY' => "FTP hesabı uğurla yaradıldı və istifadə hazırdır.\n\nHostname: %s\nİstifadəçi adı: %s_%s\nŞifrə: %s\n\n--\nVesta Control Panel\n", + 'Database Credentials' => 'Veritabanı Bilgileri', + 'DATABASE_READY' => "Verilənlər bazası yaradıldı.\n\Verilənlər bazsı: %s\nİstifadəçi: %s\Şifrə: %s\n%s\n\n--\nVesta Nəzarət Paneli\n", + 'forgot password' => 'Şifrəmi unutdum', + 'Confirm' => 'Təstiqlə', + 'New Password' => 'Yeni şifrə', + 'Confirm Password' => 'Şifrəni təstiqlə', + 'Reset' => 'Sıfırla', + 'Reset Code' => 'Sıfırlama Kodu', + 'RESET_NOTICE' => '', + 'RESET_CODE_SENT' => 'Şifrə sıfırlama kodu e-poçt ünvanınıza göndərildi.
', + 'MAIL_RESET_SUBJECT' => 'Şifrə sıfırlama - %s', + 'PASSWORD_RESET_REQUEST' => "Şifrənizi sıfırlamaq üçün lütfən linki izləyin:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\Alternativ olaraq https://%s/reset/?action=code&user=%s linkinə klik edib davamına bu reset kodunuzu daxil edə bilərsiniz:\n%s\n\nƏgər şifrə sıfırlama istəyiniz olmayıbsa lütfən mesajı yox sayın və üzrümüzü qəbul edin.\n\n--\nVesta Nəzarət Mərkəzi\n", + 'Jan' => 'Yan', + 'Feb' => 'Fev', + 'Mar' => 'Mar', + 'Apr' => 'Apr', + 'May' => 'May', + 'Jun' => 'İyn', + 'Jul' => 'İyl', + 'Aug' => 'Avq', + 'Sep' => 'Sent', + 'Oct' => 'Okt', + 'Nov' => 'Noy', + 'Dec' => 'Dek', + 'Configuring Server' => 'Server ayarlanması', + 'Hostname' => 'Hostname', + 'Time Zone' => 'Vaxt qurşağı', + 'Default Language' => 'Default dil', + 'Proxy Server' => 'Proxy server', + 'Web Server' => 'Veb server', + 'Backend Server' => 'Backend Server', + 'Backend Pool Mode' => 'Backend pul rejimi', + 'DNS Server' => 'DNS server', + 'DNS Cluster' => 'DNS Cluster', + 'MAIL Server' => 'MAIL Server', + 'Antivirus' => 'Antivirus', + 'AntiSpam' => 'AntiSpam', + 'Webmail URL' => 'Vebmail URL', + 'MySQL Support' => 'MySQL dəstək', + 'phpMyAdmin URL' => 'phpMyAdmin URL', + 'PostgreSQL Support' => 'PostgreSQL dəstəyi', + 'phpPgAdmin URL' => 'phpPgAdmin URL', + 'Maximum Number Of Databases' => 'Verilənlər bazasının maksimum sayı', + 'Current Number Of Databases' => 'Current Number Of Databases', + 'Local backup' => 'Yerli backup', + 'Compression level' => 'Sıxılma səviyyəsi', + 'Directory' => 'Kataloq', + 'Remote backup' => 'Uzaqdan backup', + 'ftp' => 'FTP', + 'sftp' => 'SFTP', + 'SFTP Chroot' => 'SFTP Chroot', + 'FileSystem Disk Quota' => 'FaylSistemi disk kvotası', + 'Vesta Control Panel Plugins' => 'Vesta Nəzarət Paneli əlavələri', + 'preview' => 'Ön görünüş', + 'Reseller Role' => 'Reseller rolu', + 'Web Config Editor' => 'Veb Konfiqurasiya redaktoru', + 'Template Manager' => 'Şablon idarəçisi', + 'Backup Migration Manager' => 'Nüsxələmə miqrasiya idarəçisi', + 'FileManager' => 'Faylİdarəçisi', + 'show: CPU / MEM / NET / DISK' => 'göstər: CPU / BEL / ŞƏ / DISK', + 'sort by' => 'sıralama ölçüsü', + 'Date' => 'Tarix', + 'Starred' => 'Ulduzlu', + 'Name' => 'Ad', + 'save to favorites' => 'Sevimlilərə əlavə edin', + 'File Manager' => 'Fayl İdarəçisi', + 'size' => 'ölçü', + 'date' => 'tarix', + 'name' => 'ad', + 'Initializing' => 'Başladılır', + 'UPLOAD' => 'YÜKLƏ', + 'NEW FILE' => 'YENİ FAYL', + 'NEW DIR' => 'YENİ QOVLUQ', + 'DELETE' => 'SİL', + 'RENAME' => 'YENİDƏN ADLANDIR', + 'MOVE' => 'kÖÇÜRT', + 'RIGHTS' => 'HÜQUQLAR', + 'COPY' => 'KOPYALA', + 'ARCHIVE' => 'ARXİVLƏ', + 'EXTRACT' => 'ÇIXART', + 'DOWNLOAD' => 'YÜKLƏ', + 'Are you sure?' => 'Əminsinizmi?', + 'Hit' => 'Hit', + 'to reload the page' => 'səhifəni yeniləm üçün', + 'Directory name cannot be empty' => 'Kataloq adı boş ola bilməz', + 'File name cannot be empty' => 'Fayl adı boş ola bilməz', + 'No file selected' => 'Fayl seçilmədi', + 'No file or folder selected' => 'Fayl və ya qovluq seçilmədi', + 'File type not supported' => 'Fayl tipi dəstəklənmir', + 'Directory download not available in current version' => 'Kataloq yüklnməsi bu versiyada mövcud deyil', + 'Directory not available' => 'Kataloq keçərli deyil', + 'Done' => 'Birdi', + 'Close' => 'Bağla', + 'Copy' => 'Kopyala', + 'Cancel' => 'Ləğv et', + 'Rename' => 'Yenidən adlandır', + 'Move' => 'Köçürt', + 'Change Rights' => 'Hüquqları dəyişdirin', + 'Delete' => 'Sil', + 'Extract' => 'Çıxart', + 'Create' => 'Yarat', + 'Compress' => 'Sıx', + 'OK' => 'TAMAM', + 'YOU ARE COPYING' => 'Siz kopyalayırsınız', + 'YOU ARE REMOVING' => 'Siz silirsiniz', + 'Delete items' => 'Maddələri silin', + 'Copy files' => 'Faylları kopyalayın', + 'Move files' => 'Faylları daşıyın', + 'Are you sure you want to copy' => 'Kopyalamaq istədiyinizə əminsinizmi', + 'Are you sure you want to move' => 'Köçürtmək istədiyinizə əminsinizmi?', + 'Are you sure you want to delete' => 'Silmək istədiyinizə əminsinizmi?', + 'into' => 'daxil', + 'existing files will be replaced' => 'mövcud fayllar dəyişdirilir', + 'Original name' => 'Orjinal adı', + 'File' => 'Fayl', + 'already exists' => 'mövcuddur', + 'Create file' => 'Fayl yarat', + 'Create directory' => 'Kataloq yarat', + 'read by owner' => 'sahini tərəfindən oxunan', + 'write by owner' => 'sahibi tərəfindən yazılan', + 'execute/search by owner' => 'sahibi tərəfindən icra edilən/axtarılan', + 'read by group' => 'grup tərəfindən oxunan', + 'write by group' => 'qrup tərəfindən yazılan', + 'execute/search by group' => 'qrup tərəfindən icar edilən/axtarılan', + 'read by others' => 'başqaları tərəfindən oxunan', + 'write by others' => 'başqaları tərəfindən yazılan', + 'execute/search by others' => 'başqaları tərəfindən icra edilən/axtarılan', + 'Shortcuts' => 'Qısayollar', + 'Add New object' => 'Yeni obyekt əlavə edin', + 'Save Form' => 'Formanı yadda saxla', + 'Cancel saving form' => 'Formanı yadda saxlama', + 'Go to USER list' => 'İstifadəçi siyahısına get', + 'Go to WEB list' => 'Veb siyahısına get', + 'Go to DNS list' => 'DNS siyahısına get', + 'Go to MAIL list' => 'MAIL siyahısına get', + 'Go to DB list' => 'DB siyahısına get', + 'Go to CRON list' => 'CRON siyahısına get', + 'Go to BACKUP list' => 'Nüsxə siyahısına get', + 'Focus on search' => 'Axtarışa fokuslan', + 'Display/Close shortcuts' => 'Qısayolları göstər/bağla', + 'Move backward through top menu' => 'Üst menyu arasında geriyə get', + 'Move forward through top menu' => 'Üst menyu arasında iləriyə get', + 'Enter focused element' => 'Fokuslanmış elementi gör', + 'Move up through elements list' => 'Elementlər siyahısına keçin', + 'Move down through elements list' => 'Elementlər siyahısına keçin', + 'Upload' => 'Yüklə', + 'New File' => 'Yeni fayl', + 'New Folder' => 'Yeni qovluq', + 'Download' => 'Yüklə', + 'Archive' => 'Arxivlə', + 'Save File (in text editor)' => 'Faylı yadda saxla (mətn redaktorunda)', + 'Close Popup / Cancel' => 'Popup bağla / Ləğv et', + 'Move Cursor Up' => 'Kursoru yuxarı qaldır', + 'Move Cursor Down' => 'Kursoru aşağı endir', + 'Switch to Left Tab' => 'Sol taba keçin', + 'Switch to Right Tab' => 'Sağ taba keçin', + 'Switch Tab' => 'Taba keç', + 'Go to the Top of the File List' => 'Fayl siyahısının əvvəlinə get', + 'Go to the Last File' => 'Son fayla bax', + 'Open File / Enter Directory' => 'Faylı aç/Kataloqa daxil ol', + 'Edit File' => 'Faylı redaktə edin', + 'Go to Parent Directory' => 'Əsas kataloqa daxil olun', + 'Select Current File' => 'Hazırki faylı seçin', + 'Select Bunch of Files' => 'Fayl dəstini seçin', + 'Add File to the Current Selection' => 'Hazırki seçimə fayl əlavə edin', + 'Select All Files' => 'Bütün faylları seçin', + 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => + 'qısayollar mükəmməl fayl idarəçisi Midnight Commander fayl idarəçisindən alınmışdır', + 'Licence Key' => 'Lisenziya açarı', + 'Enter License Key' => 'Lisenziya açarını daxil edin', + 'Buy Licence' => 'Lisenziya alın', + 'Buy Lifetime License' => 'Ömür boyu lisenziyası alın', + 'Disable and Cancel Licence' => 'Lisenziyanı söndürün və ləğv edin', + 'Licence Activated' => 'Lisenziya aktivdir', + 'Licence Deactivated' => 'Lisenziya ləğv edilib', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'İstifadəçilə SSH yalnız öz əsas kataloqlarına daxil ola bilərlər.', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Baxış, kopyalama, redaktə, tamfunksional fayl meneceri vasitəsilə veb domendə olan faylların baxışı və ixracı.', + 'This is a commercial module, you would need to purchace license key to enable it.' => 'Bu kommersiya moduludur. Ondan istifadə etmək üçün lisenziya açarını əldə etməlisiniz', + 'Minutes' => 'Dəqiqəlik', + 'Hourly' => 'Saatlıq', + 'Run Command' => 'Əmri aktivləşdir', + 'every month' => 'hər ay', + 'every odd month' => 'hər tək ay', + 'every even month' => 'hər cüt ay', + 'every day' => 'hər gün', + 'every odd day' => 'hər tək gün', + 'every even day' => 'hər cüt gün', + 'weekdays (5 days)' => 'həftə içi (5 gün)', + 'weekend (2 days)' => 'həftə sonu (2 gün)', + 'Monday' => 'Bazar ertəsi', + 'Tuesday' => 'Çərşənbə axşamı', + 'Wednesday' => 'Çərşənbə', + 'Thursday' => 'Cümə axşamı', + 'Friday' => 'Cümə', + 'Saturday' => 'Şənbə', + 'Sunday' => 'Bazar', + 'every hour' => 'hər saat', + 'every two hours' => 'hər iki saatda bir', + 'every minute' => 'hər dəqiqə', + 'every two minutes' => 'hər iki dəqiqdə bir', + 'every' => 'hər', + 'Generate' => 'Yaratmaq', + 'webalizer' => 'webalizer', + 'awstats' => 'awstats', + 'Vesta SSL' => 'Vesta SSL', + 'SUBJECT' => 'MÖVZU', + 'ALIASES' => 'LƏQƏBLƏR', + 'NOT_BEFORE' => 'NOT_BEFORE', + 'NOT_AFTER' => 'NOT_AFTER', + 'SIGNATURE' => 'İMZA', + 'PUB_KEY' => 'PUB_KEY', + 'ISSUER' => 'ISSUER', + 'Use server hostname' => 'Server hostname-dən istifadə et', + 'Use domain hostname' => 'Domen hostname-dən istifadə et', + 'Use STARTTLS' => 'STARTTLS istifadə et', + 'Use SSL / TLS' => 'SSL / TLS istifadə et', + 'No encryption' => 'Şifrələnməsiz', + 'Do not use encryption' => 'Şifrələnməni istifadə etmə', + 'maximum characters length, including prefix' => 'Simvolların maksimal uzunlu %s, prfiks daxil', + 'Email Credentials' => 'E-poçt hüquqları', +); From c29c7cc8e6a72ffa852bdd583d1c4e61ef57266e Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Fri, 30 Nov 2018 00:52:49 +0200 Subject: [PATCH 131/140] Azerbaijani language support From 44eabb4e9d50fe2535c93d4a168190febbd2af0a Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Fri, 30 Nov 2018 00:54:45 +0200 Subject: [PATCH 132/140] Azerbaijani language support --- web/inc/i18n/az.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php index de5a0352..911dfc68 100644 --- a/web/inc/i18n/az.php +++ b/web/inc/i18n/az.php @@ -724,3 +724,4 @@ $LANG['az'] = array( 'maximum characters length, including prefix' => 'Simvolların maksimal uzunlu %s, prfiks daxil', 'Email Credentials' => 'E-poçt hüquqları', ); +v From 2d0e09e7cac23d7da9b812a08860145210bcef78 Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Fri, 30 Nov 2018 00:55:27 +0200 Subject: [PATCH 133/140] Azerbaijani language support --- web/inc/i18n/az.php | 1 - 1 file changed, 1 deletion(-) diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php index 911dfc68..de5a0352 100644 --- a/web/inc/i18n/az.php +++ b/web/inc/i18n/az.php @@ -724,4 +724,3 @@ $LANG['az'] = array( 'maximum characters length, including prefix' => 'Simvolların maksimal uzunlu %s, prfiks daxil', 'Email Credentials' => 'E-poçt hüquqları', ); -v From 9f9ee145592e6dad16b4c6438b86416bdea73488 Mon Sep 17 00:00:00 2001 From: Anton Reutov Date: Fri, 30 Nov 2018 17:29:33 +0200 Subject: [PATCH 134/140] Change monthly price for File Manager and SFTP --- web/templates/admin/edit_server.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index 4f142a6a..cde031fc 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -787,7 +787,7 @@

- '.__('Buy Licence').' 1$/'.__('month').' + '.__('Buy Licence').' 3$/'.__('month').'
'.__('Buy Lifetime License').' 18$ @@ -835,7 +835,7 @@
- - '.__('Buy Licence').' 3$/'.__('month').' + '.__('Buy Licence').' 5$/'.__('month').'
- '.__('Buy Lifetime License').' 50$ From 41bfca0b212e826140f69bbedcaaeaddceac974e Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 4 Dec 2018 16:21:46 +0200 Subject: [PATCH 135/140] ACME v2 support --- bin/v-add-letsencrypt-user | 146 +++++++++++++++++++++++++++---------- 1 file changed, 108 insertions(+), 38 deletions(-) diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user index 3b14cd69..3b168c40 100755 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -1,6 +1,6 @@ #!/bin/bash # info: register letsencrypt user account -# options: USER [EMAIL] +# options: USER [TYPE] # # The function creates and register LetsEncript account key @@ -11,7 +11,7 @@ # Argument definition user=$1 -email=$2 +type=${2-1} key_size=4096 # Includes @@ -28,11 +28,17 @@ encode_base64() { # Verifications # #----------------------------------------------------------# -check_args '1' "$#" 'USER [EMAIL]' +check_args '1' "$#" 'USER [TYPE]' is_format_valid 'user' is_object_valid 'user' 'USER' "$user" if [ -e "$USER_DATA/ssl/le.conf" ]; then - exit + source "$USER_DATA/ssl/le.conf" + if [ "$type" -eq 1 ] && [ ! -z "$EMAIL" ]; then + exit + fi + if [ "$type" -eq 2 ] && [ ! -z "$KID" ]; then + exit + fi fi @@ -40,14 +46,29 @@ fi # Action # #----------------------------------------------------------# -api='https://acme-v01.api.letsencrypt.org' -if [ -z "$email" ]; then +# Defining LE API endpoint +if [ "$type" -eq 1 ]; then + api='https://acme-v01.api.letsencrypt.org' +else + api='https://acme-v02.api.letsencrypt.org' +fi + +# Defining user email +if [ $type -eq 1 ]; then email=$(get_user_value '$CONTACT') fi -agreement=$(curl -s -I "$api/terms" |grep Location |cut -f 2 -d \ |tr -d '\r\n') +# Defining user agreement +if [ "$type" -eq 1 ]; then + agreement=$(curl -s -I "$api/terms" |grep Location |\ + cut -f 2 -d \ |tr -d '\r\n') +else + #agreement=$(curl -s "$api/directory" |grep termsOfService |\ + # cut -f 4 -d '"') + agreement='' +fi -# Generating key +# Generating user key key="$USER_DATA/ssl/user.key" if [ ! -e "$key" ]; then openssl genrsa -out $key $key_size >/dev/null 2>&1 @@ -55,41 +76,77 @@ if [ ! -e "$key" ]; then fi # Defining key exponent -exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ - grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ - xxd -r -p |encode_base64) +if [ -z "$EXPONENT" ]; then + exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ + grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ + xxd -r -p |encode_base64) +else + exponent="$EXPONENT" +fi # Defining key modulus -modulus=$(openssl rsa -in "$key" -modulus -noout |\ - sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) +if [ -z "$MODULUS" ]; then + modulus=$(openssl rsa -in "$key" -modulus -noout |\ + sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) +else + modulus="$MODULUS" +fi -# Defining key thumb -thumb='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -thumb="$(echo -n "$thumb" |openssl dgst -sha256 -binary |encode_base64)" +# Defining JWK token +jwk='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' +# Defining key thumbnail +if [ -z "$THUMB" ]; then + thumb="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" +else + thumb="$THUMB" +fi -# Requesting nonce +# Requesting ACME nonce nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) -# Defining registration query -query='{"resource":"new-reg","contact":["mailto:'"$email"'"],' -query=$query'"agreement":"'$agreement'"}' -payload=$(echo -n "$query" |encode_base64) +# Defining payload and protected data for v1 and v2 +if [ "$type" -eq 1 ]; then + header='{"alg":"RS256","jwk":'"$jwk"'}' + protected='{"nonce":"'"$nonce"'"}' + payload='{"resource":"new-reg","contact":["mailto:'"$email"'"],' + payload=$payload'"agreement":"'$agreement'"}' + +else + protected='{"nonce": "'$nonce'",' + protected=''$protected' "url": "'$api/acme/new-acct'",' + protected=''$protected' "alg": "RS256", "jwk": '$jwk'}' + payload='{"termsOfServiceAgreed": true}' +fi + +# Encoding data +protected=$(echo -n "$protected" |encode_base64) +payload=$(echo -n "$payload" |encode_base64) + +# Signing request signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' + openssl dgst -sha256 -binary -sign "$key" |\ + encode_base64) -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$api/acme/new-reg") -status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') +if [ "$type" -eq 1 ]; then + data='{"header":'"$header"',"protected":"'"$protected"'",' + data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' + + answer=$(curl -s -i -d "$data" "$api/acme/new-reg") + status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') +else + data='{"protected":"'"$protected"'",' + data=$data'"payload":"'"$payload"'",' + data=$data'"signature":"'"$signature"'"}' + + answer=$(curl -s -i -d "$data" "$api/acme/new-acct" \ + -H "Content-Type: application/jose+json") + status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') + kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r') +fi # Checking http answer status -if [[ "$status" -ne "201" ]] && [[ "$status" -ne "409" ]]; then +if [[ "${status:0:2}" -ne "20" ]] && [[ "$status" -ne "409" ]]; then check_result $E_CONNECT "LetsEncrypt account registration $status" fi @@ -99,12 +156,25 @@ fi #----------------------------------------------------------# # Adding le.conf -echo "EMAIL='$email'" > $USER_DATA/ssl/le.conf -echo "EXPONENT='$exponent'" >> $USER_DATA/ssl/le.conf -echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf -echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf -chmod 660 $USER_DATA/ssl/le.conf - +if [ ! -e "$USER_DATA/ssl/le.conf" ]; then + echo "EXPONENT='$exponent'" > $USER_DATA/ssl/le.conf + echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf + echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf + if [ "$type" -eq 1]; then + echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf + else + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf + fi + chmod 660 $USER_DATA/ssl/le.conf +else + if [ "$type" -eq 1 ]; then + sed -i '/^EMAIL=/d' $USER_DATA/ssl/le.conf + echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf + else + sed -i '/^KID=/d' $USER_DATA/ssl/le.conf + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf + fi +fi # Logging log_event "$OK" "$ARGUMENTS" From d2d399676f77a6a6d91310996157f2e4243dd357 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 4 Dec 2018 16:27:22 +0200 Subject: [PATCH 136/140] ACME v2 support - list user --- bin/v-list-letsencrypt-user | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/bin/v-list-letsencrypt-user b/bin/v-list-letsencrypt-user index cded9600..63bd4be2 100755 --- a/bin/v-list-letsencrypt-user +++ b/bin/v-list-letsencrypt-user @@ -23,7 +23,8 @@ json_list() { "EMAIL": "'$EMAIL'", "EXPONENT": "'$EXPONENT'", "MODULUS": "'$MODULUS'", - "THUMB: "'$THUMB'" + "THUMB: "'$THUMB'", + "KID:" "'$KID'" }' echo '}' } @@ -35,17 +36,18 @@ shell_list() { echo "THUMB: $THUMB" echo "EXPONENT: $EXPONENT" echo "MODULUS: $MODULUS" + echo "KID: $KID" } # PLAIN list function plain_list() { - echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB" + echo -e "$user\t$EMAIL\t$EXPONENT\t$MODULUS\t$THUMB\t$KID" } # CSV list function csv_list() { - echo "USER,EMAIL,EXPONENT,MODULUS,THUMB" - echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB" + echo "USER,EMAIL,EXPONENT,MODULUS,THUMB,KID" + echo "$user,$EMAIL,$EXPONENT,$MODULUS,$THUMB,$KID" } From 320455f7c9cecaf95a91a1eab0b7b3573e06efe7 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Tue, 4 Dec 2018 16:29:48 +0200 Subject: [PATCH 137/140] ACME v2 support - list user/ typo --- bin/v-list-letsencrypt-user | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/v-list-letsencrypt-user b/bin/v-list-letsencrypt-user index 63bd4be2..6289ecba 100755 --- a/bin/v-list-letsencrypt-user +++ b/bin/v-list-letsencrypt-user @@ -23,8 +23,8 @@ json_list() { "EMAIL": "'$EMAIL'", "EXPONENT": "'$EXPONENT'", "MODULUS": "'$MODULUS'", - "THUMB: "'$THUMB'", - "KID:" "'$KID'" + "THUMB": "'$THUMB'", + "KID": "'$KID'" }' echo '}' } From 58c6ca95b18948d9d1099ba7fb1300d3b33b0fcc Mon Sep 17 00:00:00 2001 From: dpeca Date: Mon, 10 Dec 2018 14:15:46 +0100 Subject: [PATCH 138/140] Fix for suspended domain checking while LE renewing Logic should be inversed... If you grep for suspended=no, then variable is NOT empty if it's NOT suspended Which means it's empty only if it's suspended. So we must grep for suspended=yes if we consider not-empty result as suspended domain. @skullwritter This bug totally brakes LE renewing :) --- bin/v-update-letsencrypt-ssl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index 6e26d7e5..dd1f3b7c 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -32,7 +32,7 @@ for user in $users; do lecounter=0 for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do # Working on Web domain check - if is suspended - webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='no") + webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='yes") if [ ! -z "$webSuspended" ]; then continue; fi; From 3d8b6a87a77ae8c026e90eb45212349585adc5e3 Mon Sep 17 00:00:00 2001 From: dpeca Date: Mon, 10 Dec 2018 14:31:10 +0100 Subject: [PATCH 139/140] Better handling of calm-down routine while LE renewing Sleep is because https://github.com/serghey-rodin/vesta/issues/1193 --- bin/v-update-letsencrypt-ssl | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index dd1f3b7c..17f8f0f6 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -25,11 +25,12 @@ source $VESTA/conf/vesta.conf # Defining user list users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }') +lecounter=0 + # Checking users for user in $users; do USER_DATA=$VESTA/data/users/$user # Checking user certificates - lecounter=0 for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do # Working on Web domain check - if is suspended webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='yes") @@ -46,6 +47,10 @@ for user in $users; do expire=$((expire / 86400)) domain=$(basename $crt |sed -e "s/.crt$//") if [[ "$expire" -lt 31 ]]; then + if [ $lecounter -gt 0 ]; then + sleep 10 + fi + ((lecounter++)) aliases=$(echo "$crt_data" |grep DNS:) aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") @@ -62,10 +67,6 @@ for user in $users; do echo "$domain $msg" fi fi - if [ $lecounter -gt 0 ]; then - sleep 10 - fi - ((lecounter++)) fi done done From 4327a3d1bc8f1c5149c0ee046d1abd87267197e4 Mon Sep 17 00:00:00 2001 From: dpeca Date: Fri, 21 Dec 2018 17:28:12 +0100 Subject: [PATCH 140/140] Syntax error fix in v-add-letsencrypt-user --- bin/v-add-letsencrypt-user | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user index 3b168c40..6bd3c560 100755 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -160,7 +160,7 @@ if [ ! -e "$USER_DATA/ssl/le.conf" ]; then echo "EXPONENT='$exponent'" > $USER_DATA/ssl/le.conf echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf - if [ "$type" -eq 1]; then + if [ "$type" -eq 1 ]; then echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf else echo "KID='$kid'" >> $USER_DATA/ssl/le.conf