diff --git a/bin/v-add-backup-host b/bin/v-add-backup-host index 4e727229..bccaa03e 100755 --- a/bin/v-add-backup-host +++ b/bin/v-add-backup-host @@ -38,8 +38,7 @@ EOF sftpc() { expect -f "-" </dev/null +# Checking wildcard alias +if [ "$aliases" = "*.$domain" ]; then + wildcard='yes' + proto="dns-01" + if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then + check_result $E_NOTEXIST "DNS domain $domain doesn't exist" + fi +else + proto="http-01" +fi + +# Requesting nonce / STEP 1 +answer=$(curl -s -I "$API/directory") +nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') +status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ') +if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt nonce request status $status" +fi + +# Placing new order / STEP 2 +url="$API/acme/new-order" +payload='{"identifiers":[' +for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do + format_identifier_idn + payload=$payload'{"type":"dns","value":"'$identifier_idn'"},' +done +payload=$(echo "$payload"|sed "s/,$//") +payload=$payload']}' +answer=$(query_le_v2 "$url" "$payload" "$nonce") +nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') +authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"') +finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"') +status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') +if [[ "$status" -ne 201 ]]; then + check_result $E_CONNECT "Let's Encrypt new auth status $status" +fi + +# Requesting authorization token / STEP 3 +for auth in $authz; do + payload='' + answer=$(query_le_v2 "$auth" "$payload" "$nonce") + url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \") + nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') + status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ') + if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status" fi - # Checking LE limits per account - if [ "$i" -gt 100 ]; then - touch $VESTA/data/queue/letsencrypt.pipe - sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe - send_notice 'LETSENCRYPT' 'Limit of domains per account is reached' - check_result $E_LIMIT "LE can't sign more than 100 domains" + # Accepting challenge / STEP 4 + if [ "$wildcard" = 'yes' ]; then + record=$(printf "%s" "$token.$THUMB" |\ + openssl dgst -sha256 -binary |encode_base64) + old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT') + old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1) + for old_record in $old_records; do + $BIN/v-delete-dns-record $user $domain $old_record + done + $BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record + check_result $? "DNS _acme-challenge record wasn't created" + else + if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then + conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt" + sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt" + if [ ! -e "$conf" ]; then + echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \ + > $conf + echo ' default_type text/plain;' >> $conf + echo ' return 200 "$1.'$THUMB'";' >> $conf + echo '}' >> $conf + fi + if [ ! -e "$sconf" ]; then + ln -s "$conf" "$sconf" + fi + $BIN/v-restart-proxy + check_result $? "Proxy restart failed" >/dev/null + + else + well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known" + acme_challenge="$well_known/acme-challenge" + mkdir -p $acme_challenge + echo "$token.$THUMB" > $acme_challenge/$token + chown -R $user:$user $well_known + fi + $BIN/v-restart-web + check_result $? "Web restart failed" >/dev/null + fi + + # Requesting ACME validation / STEP 5 + validation_check=$(echo "$answer" |grep '"valid"') + if [[ ! -z "$validation_check" ]]; then + validation='valid' + else + validation='pending' + fi + + # Doing pol check on status + i=1 + while [ "$validation" = 'pending' ]; do + payload='{}' + answer=$(query_le_v2 "$url" "$payload" "$nonce") + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') + status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ') + if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt validation status $status" + fi + + i=$((i + 1)) + if [ "$i" -gt 10 ]; then + check_result $E_CONNECT "Let's Encrypt domain validation timeout" + fi + sleep 1 + done + if [ "$validation" = 'invalid' ]; then + check_result $E_CONNECT "Let's Encrypt domain verification failed" fi - i=$((i++)) done -# Generating CSR -ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \ + +# Generating new ssl certificate +ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\ "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') -# Signing CSR -crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir) -if [ "$?" -ne 0 ]; then - touch $VESTA/data/queue/letsencrypt.pipe - sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe - send_notice "LETSENCRYPT" "$alias validation failed" - check_result "$E_INVALID" "LE $domain validation" +# Sending CSR to finalize order / STEP 6 +csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64) +payload='{"csr":"'$csr'"}' +answer=$(query_le_v2 "$finalize" "$payload" "$nonce") +nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') +status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ') +certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"') +if [[ "$status" -ne 200 ]]; then + check_result $E_CONNECT "Let's Encrypt finalize bad status $status" fi -echo "$crt" > $ssl_dir/$domain.crt -# Dowloading CA certificate -le_certs='https://letsencrypt.org/certs' -x1='lets-encrypt-x1-cross-signed.pem.txt' -x3='lets-encrypt-x3-cross-signed.pem.txt' -issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:") -if [ -z "$(echo $issuer|grep X3)" ]; then - curl -s $le_certs/$x1 > $ssl_dir/$domain.ca -else - curl -s $le_certs/$x3 > $ssl_dir/$domain.ca -fi +# Downloading signed certificate / STEP 7 +curl -s "$certificate" -o $ssl_dir/$domain.pem + +# Splitting up downloaded pem +crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:) +head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt + +pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ') +ca_end=$(grep -n "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :) +ca_end=$(( pem_lines - crt_end + 1 )) +tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca # Adding SSL ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') @@ -140,18 +273,13 @@ update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes' # Vesta # #----------------------------------------------------------# -# Restarting web -$BIN/v-restart-web $restart -if [ "$?" -ne 0 ]; then - send_notice 'LETSENCRYPT' "web server needs to be restarted manually" -fi +# Deleteing task from queue +touch $VESTA/data/queue/letsencrypt.pipe +sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe # Notifying user send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" -# Deleteing task from queue -touch $VESTA/data/queue/letsencrypt.pipe -sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-add-letsencrypt-user b/bin/v-add-letsencrypt-user old mode 100755 new mode 100644 index bebebef7..f3a19163 --- a/bin/v-add-letsencrypt-user +++ b/bin/v-add-letsencrypt-user @@ -1,8 +1,8 @@ #!/bin/bash # info: register letsencrypt user account -# options: USER [TYPE] +# options: USER # -# The function creates and register LetsEncript account key +# The function creates and register LetsEncript account #----------------------------------------------------------# @@ -11,8 +11,9 @@ # Argument definition user=$1 -type=${2-1} -key_size=4096 + +# LE API +API='https://acme-v02.api.letsencrypt.org' # Includes source $VESTA/func/main.sh @@ -23,22 +24,39 @@ encode_base64() { cat |base64 |tr '+/' '-_' |tr -d '\r\n=' } +# Let's Encrypt v2 curl function +query_le_v2() { + protected='{"nonce": "'$3'",' + protected=''$protected' "url": "'$1'",' + protected=''$protected' "alg": "RS256", "jwk": '$jwk'}' + content="Content-Type: application/jose+json" + + payload_=$(echo -n "$2" |encode_base64) + protected_=$(echo -n "$protected" |encode_base64) + signature_=$(printf "%s" "$protected_.$payload_" |\ + openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\ + encode_base64) + + post_data='{"protected":"'"$protected_"'",' + post_data=$post_data'"payload":"'"$payload_"'",' + post_data=$post_data'"signature":"'"$signature_"'"}' + + curl -s -i -d "$post_data" "$1" -H "$content" +} + #----------------------------------------------------------# # Verifications # #----------------------------------------------------------# -check_args '1' "$#" 'USER [TYPE]' +check_args '1' "$#" 'USER' is_format_valid 'user' is_object_valid 'user' 'USER' "$user" if [ -e "$USER_DATA/ssl/le.conf" ]; then source "$USER_DATA/ssl/le.conf" - if [ "$type" -eq 1 ] && [ ! -z "$EMAIL" ]; then - exit - fi - if [ "$type" -eq 2 ] && [ ! -z "$KID" ]; then - exit - fi +fi +if [ ! -z "$KID" ]; then + exit fi @@ -46,108 +64,57 @@ fi # Action # #----------------------------------------------------------# -# Defining LE API endpoint -if [ "$type" -eq 1 ]; then - api='https://acme-v01.api.letsencrypt.org' -else - api='https://acme-v02.api.letsencrypt.org' -fi # Defining user email -if [ $type -eq 1 ]; then - email=$(get_user_value '$CONTACT') +if [[ -z "$EMAIL" ]]; then + EMAIL=$(get_user_value '$CONTACT') fi # Defining user agreement -if [ "$type" -eq 1 ]; then - agreement=$(curl -s -I "$api/terms" |grep Location |\ - cut -f 2 -d \ |tr -d '\r\n') -else - #agreement=$(curl -s "$api/directory" |grep termsOfService |\ - # cut -f 4 -d '"') - agreement='' -fi +agreement='' # Generating user key -key="$USER_DATA/ssl/user.key" -if [ ! -e "$key" ]; then - openssl genrsa -out $key $key_size >/dev/null 2>&1 - chmod 600 $key +KEY="$USER_DATA/ssl/user.key" +if [ ! -e "$KEY" ]; then + openssl genrsa -out $KEY 4096 >/dev/null 2>&1 + chmod 600 $KEY fi # Defining key exponent if [ -z "$EXPONENT" ]; then - exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ + EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\ grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ xxd -r -p |encode_base64) -else - exponent="$EXPONENT" fi # Defining key modulus if [ -z "$MODULUS" ]; then - modulus=$(openssl rsa -in "$key" -modulus -noout |\ + MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\ sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) -else - modulus="$MODULUS" fi -# Defining JWK token -jwk='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' +# Defining JWK +jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}' # Defining key thumbnail if [ -z "$THUMB" ]; then - thumb="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" -else - thumb="$THUMB" + THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" fi + # Requesting ACME nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') +nonce=$(curl -s -I "$API/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') -# Defining payload and protected data for v1 and v2 -if [ "$type" -eq 1 ]; then - header='{"alg":"RS256","jwk":'"$jwk"'}' - protected='{"nonce":"'"$nonce"'"}' - payload='{"resource":"new-reg","contact":["mailto:'"$email"'"],' - payload=$payload'"agreement":"'$agreement'"}' +# Creating ACME account +url="$API/acme/new-acct" +payload='{"termsOfServiceAgreed": true}' +answer=$(query_le_v2 "$url" "$payload" "$nonce") +kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r') -else - protected='{"nonce": "'$nonce'",' - protected=''$protected' "url": "'$api/acme/new-acct'",' - protected=''$protected' "alg": "RS256", "jwk": '$jwk'}' - payload='{"termsOfServiceAgreed": true}' -fi - -# Encoding data -protected=$(echo -n "$protected" |encode_base64) -payload=$(echo -n "$payload" |encode_base64) - -# Signing request -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |\ - encode_base64) - -if [ "$type" -eq 1 ]; then - data='{"header":'"$header"',"protected":"'"$protected"'",' - data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - - answer=$(curl -s -i -d "$data" "$api/acme/new-reg") - status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') -else - data='{"protected":"'"$protected"'",' - data=$data'"payload":"'"$payload"'",' - data=$data'"signature":"'"$signature"'"}' - - answer=$(curl -s -i -d "$data" "$api/acme/new-acct" \ - -H "Content-Type: application/jose+json") - status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') - kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r') -fi - -# Checking http answer status -if [[ "${status:0:2}" -ne "20" ]] && [[ "$status" -ne "409" ]]; then - check_result $E_CONNECT "LetsEncrypt account registration $status" +# Checking answer status +status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') +if [[ "${status:0:2}" -ne "20" ]]; then + check_result $E_CONNECT "Let's Encrypt acc registration failed $status" fi @@ -157,25 +124,15 @@ fi # Adding le.conf if [ ! -e "$USER_DATA/ssl/le.conf" ]; then - echo "EXPONENT='$exponent'" > $USER_DATA/ssl/le.conf - echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf - echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf - if [ "$type" -eq 1 ]; then - echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf - echo "KID='$kid'" >> $USER_DATA/ssl/le.conf -else - echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf - echo "KID='$kid'" >> $USER_DATA/ssl/le.conf - fi + echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf + echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf + echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf + echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf chmod 660 $USER_DATA/ssl/le.conf else - if [ "$type" -eq 1 ]; then - sed -i '/^EMAIL=/d' $USER_DATA/ssl/le.conf - echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf - else - sed -i '/^KID=/d' $USER_DATA/ssl/le.conf - echo "KID='$kid'" >> $USER_DATA/ssl/le.conf - fi + sed -i '/^KID=/d' $USER_DATA/ssl/le.conf + echo "KID='$kid'" >> $USER_DATA/ssl/le.conf fi # Logging diff --git a/bin/v-add-sys-mail-ssl b/bin/v-add-sys-mail-ssl new file mode 100755 index 00000000..1ebffdc3 --- /dev/null +++ b/bin/v-add-sys-mail-ssl @@ -0,0 +1,106 @@ +#!/bin/bash +# info: copy mail ssl certificate +# options: USER DOMAIN [RESTART] +# +# The function copies user domain SSL to mail SSL directory + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +restart=$3 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'USER DOMAIN [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Defining certificate location +dom_crt="/home/$user/conf/web/ssl.$domain.pem" +dom_key="/home/$user/conf/web/ssl.$domain.key" +vst_crt="$VESTA/ssl/mail.crt" +vst_key="$VESTA/ssl/mail.key" + +# Checking certificate +if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then + check_result $E_NOTEXIST "$domain certificate doesn't exist" +fi + +# Checking difference +diff $dom_crt $vst_crt >/dev/null 2>&1 +if [ $? -ne 0 ]; then + rm -f $vst_crt.old $vst_key.old + mv $vst_crt $vst_crt.old >/dev/null 2>&1 + mv $vst_key $vst_key.old >/dev/null 2>&1 + cp $dom_crt $vst_crt 2>/dev/null + cp $dom_key $vst_key 2>/dev/null + chown root:mail $vst_crt $vst_key +else + restart=no +fi + +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi +fi + +# Updating vesta.conf +if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then + echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf +else + sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \ + $VESTA/conf/vesta.conf +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-sys-vesta-ssl b/bin/v-add-sys-vesta-ssl new file mode 100755 index 00000000..32cd6c14 --- /dev/null +++ b/bin/v-add-sys-vesta-ssl @@ -0,0 +1,97 @@ +#!/bin/bash +# info: add vesta ssl certificate +# options: USER DOMAIN [RESTART] +# +# The function copies user domain SSL to vesta SSL directory + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +user=$1 +domain=$2 +restart=$3 + +# Includes +source $VESTA/func/main.sh +source $VESTA/func/domain.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '2' "$#" 'USER DOMAIN [RESTART]' +is_format_valid 'user' 'domain' +is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' +is_object_valid 'user' 'USER' "$user" +is_object_valid 'web' 'DOMAIN' "$domain" +is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL' + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Defining certificate location +dom_crt="/home/$user/conf/web/ssl.$domain.pem" +dom_key="/home/$user/conf/web/ssl.$domain.key" +vst_crt="$VESTA/ssl/certificate.crt" +vst_key="$VESTA/ssl/certificate.key" + +# Checking certificate +if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then + check_result $E_NOTEXIST "$domain certificate doesn't exist" +fi + +# Checking difference +diff $dom_crt $vst_crt >/dev/null 2>&1 +if [ $? -ne 0 ]; then + rm -f $vst_crt.old $vst_key.old + mv $vst_crt $vst_crt.old + mv $vst_key $vst_key.old + cp $dom_crt $vst_crt 2>/dev/null + cp $dom_key $vst_key 2>/dev/null + chown root:mail $vst_crt $vst_key +else + restart=no +fi + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi + if [ ! -z "$FTP_SYSTEM" ]; then + $BIN/v-restart-service "$FTP_SYSTEM" + fi + if [ -e "/var/run/vesta-nginx.pid" ]; then + kill -HUP $(cat /var/run/vesta-nginx.pid) + else + service vesta restart + fi +fi + +# Updating vesta.conf +if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then + echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf +else + sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \ + $VESTA/conf/vesta.conf +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-add-web-domain b/bin/v-add-web-domain index 1005bc9c..8a71cc9f 100755 --- a/bin/v-add-web-domain +++ b/bin/v-add-web-domain @@ -63,7 +63,7 @@ fi source $USER_DATA/user.conf # Creating domain directories -mkdir -p $HOMEDIR/$user/web/$domain \ +sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ $HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/document_errors \ @@ -80,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \ $HOMEDIR/$user/web/$domain/logs/ # Adding domain skeleton -cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 +sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do sed -i "s/%domain%/$domain/g" $file done @@ -91,7 +91,7 @@ chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs -chmod 644 $HOMEDIR/$user/web/$domain/public_*html/* +chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.* # Addding PHP-FPM backend if [ ! -z "$WEB_BACKEND" ]; then diff --git a/bin/v-add-web-domain-ssl b/bin/v-add-web-domain-ssl index a006d072..43e5cce3 100755 --- a/bin/v-add-web-domain-ssl +++ b/bin/v-add-web-domain-ssl @@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null $BIN/v-restart-proxy $restart check_result $? "Proxy restart failed" >/dev/null +# Updating system ssl dependencies +if [ ! -z "$VESTA_CERTIFICATE" ]; then + crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1 + fi +fi +if [ ! -z "$MAIL_CERTIFICATE" ]; then + crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :) + crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :) + if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then + $BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1 + fi +fi + if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then hostname=$(hostname) if [ "$hostname" = "$domain" ]; then diff --git a/bin/v-backup-user b/bin/v-backup-user index a1a2665a..f43277ac 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -210,7 +210,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") set -f fargs=() - fargs+=(--exclude='logs/*') + fargs+=(--exclude='./logs/*') if [ ! -z "$exlusion" ]; then xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" for xpath in $xdirs; do @@ -228,7 +228,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then set +f # Backup files - tar -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz + tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz done # Print total @@ -466,11 +466,15 @@ if [ "$USER" != '*' ]; then fi fargs=() for xpath in $(echo "$USER" |tr ',' '\n'); do - fargs+=(-not) - fargs+=(-path) - fargs+=("./$xpath*") - echo "$(date "+%F %T") excluding directory $xpath" |\ + if [ -d "$xpath" ]; then + fargs+=(--exclude=$xpath/*) + echo "$(date "+%F %T") excluding directory $xpath" |\ tee -a $BACKUP/$user.log + else + echo "$(date "+%F %T") excluding file $xpath" |\ + tee -a $BACKUP/$user.log + fargs+=(--exclude=$xpath) + fi done IFS=$'\n' @@ -487,7 +491,7 @@ if [ "$USER" != '*' ]; then wait_for_backup_if_it_is_not_time_for_backup # Backup files and dirs - tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz + tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz fi done set +f diff --git a/bin/v-change-sys-service-config b/bin/v-change-sys-service-config index 97c14a17..0500ecb9 100755 --- a/bin/v-change-sys-service-config +++ b/bin/v-change-sys-service-config @@ -95,13 +95,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then if [ "$service" = 'php' ]; then if [ "$WEB_SYSTEM" = "nginx" ]; then - service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p) + if [ $(ps --no-headers -o comm 1) == systemd ]; then + service=$(systemctl | grep -o -E "php.*fpm.*\.service") + service=${service//.service/} + else + service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /) + fi else service=$WEB_SYSTEM fi fi - service $service restart >/dev/null 2>&1 + for single_service in $service; do + service $single_service restart >/dev/null 2>&1 + done <<< "$service" + if [ $? -ne 0 ]; then for config in $dst; do cat $config.vst.back > $config diff --git a/bin/v-check-letsencrypt-domain b/bin/v-check-letsencrypt-domain deleted file mode 100755 index 44f48888..00000000 --- a/bin/v-check-letsencrypt-domain +++ /dev/null @@ -1,162 +0,0 @@ -#!/bin/bash -# info: check letsencrypt domain -# options: USER DOMAIN -# -# The function check and validates domain with LetsEncript - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -user=$1 -domain=$2 - -# Includes -source $VESTA/func/main.sh -source $VESTA/conf/vesta.conf - -# encode base64 -encode_base64() { - cat |base64 |tr '+/' '-_' |tr -d '\r\n=' -} - -# Additional argument formatting -format_domain_idn - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '2' "$#" 'USER DOMAIN' -is_format_valid 'user' 'domain' -is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" -if [ ! -e "$USER_DATA/ssl/le.conf" ]; then - check_result $E_NOTEXIST "LetsEncrypt key doesn't exist" -fi -rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf) -if [ -z "$rdomain" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -source $USER_DATA/ssl/le.conf -api='https://acme-v01.api.letsencrypt.org' -r_domain=$(echo "$rdomain" |cut -f 2 -d \') -key="$USER_DATA/ssl/user.key" -exponent="$EXPONENT" -modulus="$MODULUS" -thumb="$THUMB" - -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' - -# Requesting nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) - -# Defining ACME query (request challenge) -query='{"resource":"new-authz","identifier"' -query=$query':{"type":"dns","value":"'"$domain_idn"'"}}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$api/acme/new-authz") - -# Checking http answer status -status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ') -if [[ "$status" -ne "201" ]]; then - check_result $E_CONNECT "LetsEncrypt challenge request $status" -fi - -# Parsing domain nonce,token and uri -nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) -token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \") -uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \") - -# Adding location wrapper for request challenge -if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then - conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt" - sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt" - if [ ! -e "$conf" ]; then - echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf - echo ' default_type text/plain;' >> $conf - echo ' return 200 "$1.'$thumb'";' >> $conf - echo '}' >> $conf - fi - if [ ! -e "$sconf" ]; then - ln -s "$conf" "$sconf" - fi -fi - acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge" - if [ ! -d "$acme" ]; then - mkdir -p $acme - fi - echo "$token.$thumb" > $acme/$token - chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known - - -# Restarting web server -if [ -z "$PROXY_SYSTEM" ]; then - $BIN/v-restart-web - check_result $? "Proxy restart failed" >/dev/null -else - $BIN/v-restart-proxy - $BIN/v-restart-web - check_result $? "Web restart failed" >/dev/null -fi - -# Defining ACME query (request validation) -query='{"resource":"challenge","type":"http-01","keyAuthorization"' -query=$query':"'$token.$thumb'","token":"'$token'"}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(curl -s -i -d "$data" "$uri") - -# Checking domain validation status -i=1 -status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \") -location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n') -while [ "$status" = 'pending' ]; do - answer=$(curl -s -i "$location") - detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \") - sleep 1 - i=$((i + 1)) - if [ "$i" -gt 60 ]; then - check_result $E_CONNECT "$detail" - fi -done -if [ "$status" = 'invalid' ]; then - detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - check_result $E_CONNECT "$detail" -fi - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index f3541edb..ee727aa9 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -56,7 +56,7 @@ fi # Deleting dkim dns record if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1) for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done diff --git a/bin/v-delete-sys-mail-ssl b/bin/v-delete-sys-mail-ssl new file mode 100755 index 00000000..06dab82b --- /dev/null +++ b/bin/v-delete-sys-mail-ssl @@ -0,0 +1,75 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +vst_crt="$VESTA/ssl/certificate.crt" +vst_key="$VESTA/ssl/certificate.key" + +# Updating mail certificate +case $MAIL_SYSTEM in + exim) conf='/etc/exim/exim.conf';; + exim4) conf='/etc/exim4/exim4.conf.template';; +esac +if [ -e "$conf" ]; then + sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \ + -e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf +fi + +# Updating imap certificate +conf="/etc/dovecot/conf.d/10-ssl.conf" +if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then + sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \ + -e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf +fi + +# Moving old certificates +if [ -e "$VESTA/ssl/mail.crt" ]; then + mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old +fi +if [ -e "VESTA/ssl/mail.key" ]; then + mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old +fi + +# Updating vesta.conf value +sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Restarting services +if [ "$restart" != 'no' ]; then + if [ ! -z "$MAIL_SYSTEM" ]; then + $BIN/v-restart-service $MAIL_SYSTEM + fi + if [ ! -z "$IMAP_SYSTEM" ]; then + $BIN/v-restart-service $IMAP_SYSTEM + fi +fi + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-sys-vesta-ssl b/bin/v-delete-sys-vesta-ssl new file mode 100755 index 00000000..e90f32b9 --- /dev/null +++ b/bin/v-delete-sys-vesta-ssl @@ -0,0 +1,37 @@ +#!/bin/bash +# info: delete sys vesta user ssl certificate +# options: NONE +# +# The script disables user domain ssl synchronization + + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Updating vesta.conf value +sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-user-favourites b/bin/v-delete-user-favourites index 374fa430..28a8dd97 100755 --- a/bin/v-delete-user-favourites +++ b/bin/v-delete-user-favourites @@ -32,6 +32,8 @@ case $system in DNS_REC) is_format_valid 'id' ;; *) is_format_valid 'object' esac + +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" diff --git a/bin/v-list-dns-domain b/bin/v-list-dns-domain index f72943f9..c9c3f1ea 100755 --- a/bin/v-list-dns-domain +++ b/bin/v-list-dns-domain @@ -71,6 +71,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'dns' 'DOMAIN' "$domain" diff --git a/bin/v-list-letsencrypt-user b/bin/v-list-letsencrypt-user index 6289ecba..f6e2c774 100755 --- a/bin/v-list-letsencrypt-user +++ b/bin/v-list-letsencrypt-user @@ -56,6 +56,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" if [ ! -e "$USER_DATA/ssl/le.conf" ]; then check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist" diff --git a/bin/v-list-mail-domain-dkim-dns b/bin/v-list-mail-domain-dkim-dns index d7b3e2a6..d9f9d5ba 100755 --- a/bin/v-list-mail-domain-dkim-dns +++ b/bin/v-list-mail-domain-dkim-dns @@ -57,6 +57,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'mail' 'DOMAIN' "$domain" @@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain" # Parsing domain keys if [ -e "$USER_DATA/mail/$domain.pub" ]; then - pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----") + pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r") pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g') else pub="DKIM-SUPPORT-IS-NOT-ACTIVATED" diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config old mode 100755 new mode 100644 index 52607672..4f52e4a6 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -53,6 +53,8 @@ json_list() { "DB_PGA_URL": "'$DB_PGA_URL'", "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'" + "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" } }' } @@ -139,6 +141,12 @@ shell_list() { if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then echo "Language: $LANGUAGE" fi + if [ ! -z "$MAIL_CERTIFICATE" ]; then + echo "Mail SSL: $MAIL_CERTIFICATE" + fi + if [ ! -z "$VESTA_CERTIFICATE" ]; then + echo "Vesta SSL: $VESTA_CERTIFICATE" + fi echo "Version: $VERSION" } @@ -152,7 +160,8 @@ plain_list() { echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" - echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" + echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t" + echo -e "$VESTA_CERTIFICATE" } @@ -166,7 +175,8 @@ csv_list() { echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," - echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" + echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS'," + echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'" echo echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," @@ -177,6 +187,7 @@ csv_list() { echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" + echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'" echo } @@ -188,7 +199,7 @@ csv_list() { # Listing data case $format in json) json_list ;; - plain) shell_list ;; + plain) plain_list ;; csv) csv_list ;; shell) shell_list ;; esac diff --git a/bin/v-list-sys-mail-ssl b/bin/v-list-sys-mail-ssl new file mode 100755 index 00000000..5da74e08 --- /dev/null +++ b/bin/v-list-sys-mail-ssl @@ -0,0 +1,135 @@ +#!/bin/bash +# info: list mail ssl certificate +# options: [FORMAT] +# +# The function of obtaining mail ssl files. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + echo '{' + echo -e "\t\"MAIL\": {" + echo " \"CRT\": \"$crt\"," + echo " \"KEY\": \"$key\"," + echo " \"CA\": \"$ca\"," + echo " \"SUBJECT\": \"$subj\"," + echo " \"ALIASES\": \"$alt_dns\"," + echo " \"NOT_BEFORE\": \"$before\"," + echo " \"NOT_AFTER\": \"$after\"," + echo " \"SIGNATURE\": \"$signature\"," + echo " \"PUB_KEY\": \"$pub_key\"," + echo " \"ISSUER\": \"$issuer\"" + echo -e "\t}\n}" +} + +# SHELL list function +shell_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$crt" ]; then + echo + echo + echo "SUBJECT: $subj" + if [ ! -z "$alt_dns" ]; then + echo "ALIASES: ${alt_dns//,/ }" + fi + echo "VALID FROM: $before" + echo "VALID TIL: $after" + echo "SIGNATURE: $signature" + echo "PUB_KEY: $pub_key" + echo "ISSUER: $issuer" + fi +} + +# PLAIN list function +plain_list() { + if [ ! -z "$crt" ]; then + echo -e "$crt" + fi + if [ ! -z "$key" ]; then + echo -e "\n$key" + fi + if [ ! -z "$ca" ]; then + echo -e "\n$ca" + fi + if [ ! -z "$crt" ]; then + echo "$subj" + echo "${alt_dns//,/ }" + echo "$before" + echo "$after" + echo "$signature" + echo "$pub_key" + echo "$issuer" + fi + +} + +# CSV list function +csv_list() { + echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE," + echo "PUB_KEY,ISSUER" + echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\"," + echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\"" +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Parsing SSL certificate +if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then + exit +fi + +crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g') +key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g') + + +# Parsing SSL certificate details without CA +info=$(openssl x509 -text -in $VESTA/ssl/mail.crt) +subj=$(echo "$info" |grep Subject: |cut -f 2 -d =) +before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //") +after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //") +signature=$(echo "$info" |grep "Algorithm:" |head -n1 ) +signature=$(echo "$signature"| sed -e "s/.*Algorithm: //") +pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \)) +issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //") +alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',') +alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d") +alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g') + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-user b/bin/v-list-user index 05649f91..57b48bb3 100755 --- a/bin/v-list-user +++ b/bin/v-list-user @@ -154,6 +154,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-list-user-backup b/bin/v-list-user-backup index 2e0a98d0..8ee8a41b 100755 --- a/bin/v-list-user-backup +++ b/bin/v-list-user-backup @@ -75,6 +75,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER BACKUP [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" is_object_valid 'backup' 'BACKUP' "$backup" diff --git a/bin/v-list-user-stats b/bin/v-list-user-stats index 11b867af..0fa7dc90 100755 --- a/bin/v-list-user-stats +++ b/bin/v-list-user-stats @@ -115,6 +115,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-list-web-domain b/bin/v-list-web-domain index e0f9492c..7e33a4ab 100755 --- a/bin/v-list-web-domain +++ b/bin/v-list-web-domain @@ -110,6 +110,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-list-web-domain-ssl b/bin/v-list-web-domain-ssl index 99fd5cf8..d637cf89 100755 --- a/bin/v-list-web-domain-ssl +++ b/bin/v-list-web-domain-ssl @@ -98,6 +98,7 @@ csv_list() { #----------------------------------------------------------# check_args '2' "$#" 'USER DOMAIN [FORMAT]' +is_format_valid 'user' 'domain' is_object_valid 'user' 'USER' "$user" is_object_valid 'web' 'DOMAIN' "$domain" diff --git a/bin/v-list-web-domains b/bin/v-list-web-domains index a31199fa..23de5fb4 100755 --- a/bin/v-list-web-domains +++ b/bin/v-list-web-domains @@ -100,6 +100,7 @@ csv_list() { #----------------------------------------------------------# check_args '1' "$#" 'USER [FORMAT]' +is_format_valid 'user' is_object_valid 'user' 'USER' "$user" diff --git a/bin/v-restore-user b/bin/v-restore-user index d48c01d3..a0ce7f2d 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -406,15 +406,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then fi # Restoring web domain data - tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ - -C $HOMEDIR/$user/web/$domain/ - if [ "$?" -ne 0 ]; then - rm -rf $tmpdir - error="can't unpack $domain data tarball" - echo "$error" |$SENDMAIL -s "$subj" $email $notify - sed -i "/ $user /d" $VESTA/data/queue/backup.pipe - check_result "$E_PARSING" "$error" + chown $user $tmpdir + chmod u+w $HOMEDIR/$user/web/$domain + sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ + -C $HOMEDIR/$user/web/$domain/ --exclude=logs/* \ + 2> $HOMEDIR/$user/web/$domain/restore_errors.log + if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then + chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log fi + #if [ "$?" -ne 0 ]; then + # rm -rf $tmpdir + # error="can't unpack $domain data tarball" + # echo "$error" |$SENDMAIL -s "$subj" $email $notify + # sed -i "/ $user /d" $VESTA/data/queue/backup.pipe + # check_result "$E_PARSING" "$error" + #fi # Applying Fix for tar < 1.24 find $HOMEDIR/$user/web/$domain -type d \ @@ -586,13 +592,15 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then # Rebuilding mail config rebuild_mail_domain_conf - + domain_idn=$domain format_domain_idn # Restoring emails if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then - tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ + chown $user $tmpdir + chmod u+w $HOMEDIR/$user/mail/$domain_idn + sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then rm -rf $tmpdir diff --git a/bin/v-search-ssl-certificates b/bin/v-search-ssl-certificates new file mode 100755 index 00000000..c9208830 --- /dev/null +++ b/bin/v-search-ssl-certificates @@ -0,0 +1,93 @@ +#!/bin/bash +# info: search ssl certificates +# options: [FORMAT] +# +# The function to obtain the list of available ssl certificates. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + IFS=$'\n' + objects=$(echo "$search_cmd" |wc -l) + i=1 + echo '[' + for str in $search_cmd; do + eval $str + if [ "$i" -lt "$objects" ]; then + echo -e "\t\"$USER:$DOMAIN\"," + else + echo -e "\t\"$USER:$DOMAIN\"" + fi + (( ++i)) + done + echo "]" +} + +# SHELL list function +shell_list() { + IFS=$'\n' + echo "USER DOMAIN" + echo "---- ------" + for str in $search_cmd; do + eval $str + echo "$USER $DOMAIN" + done +} + +# PLAIN list function +plain_list() { + IFS=$'\n' + for str in $search_cmd; do + eval $str + echo -e "$USER\t$DOMAIN" + done +} + +# CSV list function +csv_list() { + IFS=$'\n' + echo "USER,DOMAIN" + for str in $search_cmd; do + eval $str + echo "$USER,$DOMAIN" + done +} + + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\ + cut -f 1 -d ' ' |\ + sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |") + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list |column -t ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-sign-letsencrypt-csr b/bin/v-sign-letsencrypt-csr deleted file mode 100755 index 414eb8b3..00000000 --- a/bin/v-sign-letsencrypt-csr +++ /dev/null @@ -1,110 +0,0 @@ -#!/bin/bash -# info: sing letsencrypt csr -# options: USER DOMAIN CSR_DIR [FORMAT] -# -# The function signs certificate request using LetsEncript API - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -user=$1 -domain=$2 -csr="$3/$domain.csr" -format=$4 - -# Includes -source $VESTA/func/main.sh -source $VESTA/conf/vesta.conf - -# encode base64 -encode_base64() { - cat |base64 |tr '+/' '-_' |tr -d '\r\n=' -} - - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '3' "$#" 'USER DOMAIN CSR' -is_format_valid 'user' 'domain' -is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" -if [ ! -e "$USER_DATA/ssl/le.conf" ]; then - check_result $E_NOTEXIST "LetsEncrypt key doesn't exist" -fi -check_domain=$(grep -w "$domain'" $USER_DATA/web.conf) -if [ -z "$check_domain" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi -if [ ! -e "$csr" ]; then - check_result $E_NOTEXIST "$csr doesn't exist" -fi - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -source $USER_DATA/ssl/le.conf -api='https://acme-v01.api.letsencrypt.org' -key="$USER_DATA/ssl/user.key" -exponent="$EXPONENT" -modulus="$MODULUS" -thumb="$THUMB" - -# Defining JWK header -header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' -header='{"alg":"RS256","jwk":'"$header"'}' - -# Requesting nonce -nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n') -protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) - -# Defining ACME query (request challenge) -csr=$(openssl req -in $csr -outform DER |encode_base64) -query='{"resource":"new-cert","csr":"'$csr'"}' -payload=$(echo -n "$query" |encode_base64) -signature=$(printf "%s" "$protected.$payload" |\ - openssl dgst -sha256 -binary -sign "$key" |encode_base64) -data='{"header":'"$header"',"protected":"'"$protected"'",' -data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}' - -# Sending request to LetsEncrypt API -answer=$(mktemp) -curl -s -d "$data" "$api/acme/new-cert" -o $answer -if [ ! -z "$(grep Error $answer)" ]; then - detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")" - detail=$(echo "$detail" |awk -F "::" '{print $2}') - rm $answer - check_result $E_LIMIT "$detail" -fi - -# Printing certificate -crt=$(cat "$answer" |openssl base64 -e) -rm $answer -if [ "$format" != 'json' ]; then - echo "-----BEGIN CERTIFICATE-----" - echo "$crt" - echo "-----END CERTIFICATE-----" -else - echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\"" - echo -n '-----BEGIN CERTIFICATE-----\n' - echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g' - echo -n '-----END CERTIFICATE-----' - echo -e "\"\n\t\t}\n\t}" -fi - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-unsuspend-mail-account b/bin/v-unsuspend-mail-account index 314c13bc..57e54af5 100755 --- a/bin/v-unsuspend-mail-account +++ b/bin/v-unsuspend-mail-account @@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account" if [[ "$MAIL_SYSTEM" =~ exim ]]; then md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5') quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA') + if [ "$quota" = 'unlimited' ]; then + quota=0 + fi sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd diff --git a/bin/v-update-firewall b/bin/v-update-firewall index da91acc8..46e2073a 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then conntrack_ftp='no' fi -# Checking custom OpenSSH port -sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2) -if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then - sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules -fi # Creating temporary file tmp=$(mktemp) diff --git a/bin/v-update-letsencrypt-ssl b/bin/v-update-letsencrypt-ssl index d57ae11e..f70cc825 100755 --- a/bin/v-update-letsencrypt-ssl +++ b/bin/v-update-letsencrypt-ssl @@ -22,50 +22,32 @@ source $VESTA/conf/vesta.conf # Action # #----------------------------------------------------------# -# Defining user list -users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }') - lecounter=0 -# Checking users -for user in $users; do +# Checking user certificates +for user in $($BIN/v-list-users plain |cut -f 1); do USER_DATA=$VESTA/data/users/$user - # Checking user certificates + for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do - # Working on Web domain check - if is suspended - webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='yes") - if [ ! -z "$webSuspended" ]; then - continue; - fi; - crt="$VESTA/data/users/$user/ssl/$domain.crt" - crt_data=$(openssl x509 -text -in "$crt") - expire=$(echo "$crt_data" |grep "Not After") - expire=$(echo "$expire" |cut -f 2,3,4 -d :) - expire=$(date -d "$expire" +%s) + crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt) + not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :) + expiration=$(date -d "$not_after" +%s) now=$(date +%s) - expire=$((expire - now)) - expire=$((expire / 86400)) - domain=$(basename $crt |sed -e "s/.crt$//") - if [[ "$expire" -lt 31 ]]; then + seconds_valid=$((expiration - now)) + days_valid=$((seconds_valid / 86400)) + if [[ "$days_valid" -lt 31 ]]; then if [ $lecounter -gt 0 ]; then sleep 120 fi ((lecounter++)) aliases=$(echo "$crt_data" |grep DNS:) - aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") + aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g") aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") - aliases=$(echo "$aliases" |grep -v "^$domain$") - if [ ! -z "$aliases" ]; then - aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') - msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) - if [ $? -ne 0 ]; then - echo "$domain $msg" - fi - else - msg==$($BIN/v-add-letsencrypt-domain $user $domain) - if [ $? -ne 0 ]; then - echo "$domain $msg" - fi + aliases=$(echo "$aliases" |egrep -v "^$domain,?$") + aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') + msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) + if [ $? -ne 0 ]; then + echo "$domain $msg" fi fi done diff --git a/bin/v-update-sys-ip b/bin/v-update-sys-ip index 7360b07f..6c07edc6 100755 --- a/bin/v-update-sys-ip +++ b/bin/v-update-sys-ip @@ -44,7 +44,7 @@ if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then fi # Updating configs -if [ ! -z "$new" ]; then +if [ ! -z "$old" ]; then mv $VESTA/data/ips/$old $VESTA/data/ips/$new # Updating PROXY diff --git a/bin/v-update-sys-rrd-pgsql b/bin/v-update-sys-rrd-pgsql index 6e15c9e8..de2fec8f 100755 --- a/bin/v-update-sys-rrd-pgsql +++ b/bin/v-update-sys-rrd-pgsql @@ -85,7 +85,7 @@ for host in $hosts; do # Parsing data q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends) FROM pg_stat_database;' - status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?" + status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?" if [ '0' -ne "$code" ]; then active=0 slow=0 diff --git a/bin/v-update-sys-vesta b/bin/v-update-sys-vesta index 39cd33a2..418fe26f 100755 --- a/bin/v-update-sys-vesta +++ b/bin/v-update-sys-vesta @@ -33,7 +33,7 @@ check_args '1' "$#" 'PACKAGE' # Action # #----------------------------------------------------------# -if [ -d "/etc/sysconfig" ]; then +if [ -n "$(command -v yum)" ]; then # Clean yum chache yum -q clean all diff --git a/func/db.sh b/func/db.sh index d397dfec..30018065 100644 --- a/func/db.sh +++ b/func/db.sh @@ -55,14 +55,14 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi - echo "Error: dump $database failed" + echo "Error: dump $database failed\n$(cat $err)" log_event "$E_DB" "$ARGUMENTS" exit $E_DB fi diff --git a/func/domain.sh b/func/domain.sh index cc66aecb..713cc52a 100644 --- a/func/domain.sh +++ b/func/domain.sh @@ -215,7 +215,11 @@ add_web_config() { fi fi - trigger="${2/.*pl/.sh}" + trigger="${2/%.tpl/.sh}" + if [[ "$2" =~ stpl$ ]]; then + trigger="${2/%.stpl/.sh}" + fi + if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then $WEBTPL/$1/$WEB_BACKEND/$trigger \ $user $domain $local_ip $HOMEDIR \ @@ -285,8 +289,10 @@ del_web_config() { if [[ "$2" =~ stpl$ ]]; then conf="$HOMEDIR/$user/conf/web/s$1.conf" fi - get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf - sed -i "$top_line,$bottom_line d" $conf + if [ -e "$conf" ]; then + get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf + sed -i "$top_line,$bottom_line d" $conf + fi fi # clean-up for both config styles if there is no more domains web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) @@ -337,7 +343,7 @@ is_web_domain_cert_valid() { check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)" fi - openssl s_server -quiet -cert $ssl_dir/$domain.crt \ + openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \ -key $ssl_dir/$domain.key >> /dev/null 2>&1 & pid=$! sleep 0.5 diff --git a/func/ip.sh b/func/ip.sh index 605554af..c99a3272 100644 --- a/func/ip.sh +++ b/func/ip.sh @@ -141,7 +141,7 @@ get_real_ip() { else nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) if [ ! -z "$nat" ]; then - echo "$nat" |cut -f 1 -d : |cut -f 7 -d / + echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1 fi fi } diff --git a/func/main.sh b/func/main.sh index 7483bdb8..dd9d81b8 100644 --- a/func/main.sh +++ b/func/main.sh @@ -36,6 +36,7 @@ E_DB=17 E_RRD=18 E_UPDATE=19 E_RESTART=20 +E_TEAPOT=418 # Event string for logger for ((I=1; I <= $# ; I++)); do @@ -214,7 +215,8 @@ is_object_new() { is_object_valid() { if [ $2 = 'USER' ]; then is_user_format_valid $3 'user' - if [ ! -d "$VESTA/data/users/$3" ]; then + user_vst_dir=$(basename $3) + if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then check_result $E_NOTEXIST "$1 $3 doesn't exist" fi else @@ -665,7 +667,7 @@ is_dbuser_format_valid() { # DNS record type validator is_dns_type_format_valid() { - known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA' + known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA' if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then check_result $E_INVALID "invalid dns record type format :: $1" fi diff --git a/func/rebuild.sh b/func/rebuild.sh index 9a1c0f47..cf743d65 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -152,7 +152,7 @@ rebuild_web_domain_conf() { prepare_web_domain_values # Rebuilding domain directories - mkdir -p $HOMEDIR/$user/web/$domain \ + sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \ $HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/document_errors \ @@ -178,7 +178,8 @@ rebuild_web_domain_conf() { # Propagating html skeleton if [ ! -e "$WEBTPL/skel/document_errors/" ]; then - cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/ + sudo -u $user cp -r $WEBTPL/skel/document_errors/ \ + $HOMEDIR/$user/web/$domain/ fi # Set folder permissions @@ -600,7 +601,7 @@ rebuild_pgsql_database() { exit $E_CONNECT fi - query="CREATE ROLE $DBUSER" + query="CREATE ROLE $DBUSER WITH LOGIN" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'" @@ -617,7 +618,7 @@ rebuild_pgsql_database() { query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 - query="GRANT CONNECT ON DATABASE template1 to $dbuser" + query="GRANT CONNECT ON DATABASE template1 to $DBUSER" psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 } diff --git a/install/debian/7/pma/config.inc.php b/install/debian/7/pma/config.inc.php index a643a065..4b6a3a6b 100644 --- a/install/debian/7/pma/config.inc.php +++ b/install/debian/7/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/7/templates/web/apache2/basedir.stpl b/install/debian/7/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/debian/7/templates/web/apache2/basedir.stpl +++ b/install/debian/7/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/7/templates/web/apache2/hosting.stpl b/install/debian/7/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/debian/7/templates/web/apache2/hosting.stpl +++ b/install/debian/7/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/7/templates/web/apache2/phpcgi.stpl b/install/debian/7/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/debian/7/templates/web/apache2/phpcgi.stpl +++ b/install/debian/7/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/7/templates/web/apache2/phpfcgid.stpl b/install/debian/7/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/debian/7/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/7/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/7/templates/web/nginx/caching.stpl b/install/debian/7/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/debian/7/templates/web/nginx/caching.stpl +++ b/install/debian/7/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/7/templates/web/nginx/default.stpl b/install/debian/7/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/7/templates/web/nginx/default.stpl +++ b/install/debian/7/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/7/templates/web/nginx/hosting.stpl b/install/debian/7/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/7/templates/web/nginx/hosting.stpl +++ b/install/debian/7/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/7/templates/web/nginx/http2.stpl b/install/debian/7/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/debian/7/templates/web/nginx/http2.stpl +++ b/install/debian/7/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/7/templates/web/nginx/http2.tpl b/install/debian/7/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/7/templates/web/nginx/http2.tpl +++ b/install/debian/7/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl b/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/8/pma/config.inc.php b/install/debian/8/pma/config.inc.php index eafc6d67..a3803697 100644 --- a/install/debian/8/pma/config.inc.php +++ b/install/debian/8/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/8/templates/web/apache2/basedir.stpl b/install/debian/8/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/debian/8/templates/web/apache2/basedir.stpl +++ b/install/debian/8/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/8/templates/web/apache2/hosting.stpl b/install/debian/8/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/debian/8/templates/web/apache2/hosting.stpl +++ b/install/debian/8/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpcgi.stpl b/install/debian/8/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.stpl +++ b/install/debian/8/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/8/templates/web/apache2/phpfcgid.stpl b/install/debian/8/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/nginx/caching.stpl b/install/debian/8/templates/web/nginx/caching.stpl index 52641dbe..3c56004d 100755 --- a/install/debian/8/templates/web/nginx/caching.stpl +++ b/install/debian/8/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/8/templates/web/nginx/default.stpl b/install/debian/8/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/8/templates/web/nginx/default.stpl +++ b/install/debian/8/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/8/templates/web/nginx/hosting.stpl b/install/debian/8/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/8/templates/web/nginx/hosting.stpl +++ b/install/debian/8/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/8/templates/web/nginx/http2.stpl b/install/debian/8/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/debian/8/templates/web/nginx/http2.stpl +++ b/install/debian/8/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/8/templates/web/nginx/http2.tpl b/install/debian/8/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/debian/8/templates/web/nginx/http2.tpl +++ b/install/debian/8/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl b/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/9/dovecot/conf.d/15-mailboxes.conf b/install/debian/9/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 00000000..7b2bab97 --- /dev/null +++ b/install/debian/9/dovecot/conf.d/15-mailboxes.conf @@ -0,0 +1,29 @@ +## Mailbox definitions +## + + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = subscribe + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + mailbox "Sent Messages" { + special_use = \Sent + } +} diff --git a/install/debian/9/pma/config.inc.php b/install/debian/9/pma/config.inc.php index eafc6d67..a3803697 100644 --- a/install/debian/9/pma/config.inc.php +++ b/install/debian/9/pma/config.inc.php @@ -137,6 +137,13 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/debian/9/templates/web/apache2/basedir.stpl b/install/debian/9/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/debian/9/templates/web/apache2/basedir.stpl +++ b/install/debian/9/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/debian/9/templates/web/apache2/hosting.stpl b/install/debian/9/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/debian/9/templates/web/apache2/hosting.stpl +++ b/install/debian/9/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpcgi.stpl b/install/debian/9/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.stpl +++ b/install/debian/9/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/debian/9/templates/web/apache2/phpfcgid.stpl b/install/debian/9/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/nginx/caching.stpl b/install/debian/9/templates/web/nginx/caching.stpl index 52641dbe..3c56004d 100755 --- a/install/debian/9/templates/web/nginx/caching.stpl +++ b/install/debian/9/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/9/templates/web/nginx/default.stpl b/install/debian/9/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/debian/9/templates/web/nginx/default.stpl +++ b/install/debian/9/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/9/templates/web/nginx/hosting.stpl b/install/debian/9/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/debian/9/templates/web/nginx/hosting.stpl +++ b/install/debian/9/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/debian/9/templates/web/nginx/http2.stpl b/install/debian/9/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/debian/9/templates/web/nginx/http2.stpl +++ b/install/debian/9/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/debian/9/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/5/pma/config.inc.conf b/install/rhel/5/pma/config.inc.conf index 47ae207e..f7584089 100644 --- a/install/rhel/5/pma/config.inc.conf +++ b/install/rhel/5/pma/config.inc.conf @@ -16,6 +16,12 @@ */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ diff --git a/install/rhel/5/templates/web/httpd/basedir.stpl b/install/rhel/5/templates/web/httpd/basedir.stpl index 4ced9f38..2a3f9fbd 100644 --- a/install/rhel/5/templates/web/httpd/basedir.stpl +++ b/install/rhel/5/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/5/templates/web/httpd/hosting.stpl b/install/rhel/5/templates/web/httpd/hosting.stpl index f94ba186..f94fdb64 100644 --- a/install/rhel/5/templates/web/httpd/hosting.stpl +++ b/install/rhel/5/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/5/templates/web/httpd/phpcgi.stpl b/install/rhel/5/templates/web/httpd/phpcgi.stpl index 591693a4..d544411c 100644 --- a/install/rhel/5/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/5/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/5/templates/web/httpd/phpfcgid.stpl b/install/rhel/5/templates/web/httpd/phpfcgid.stpl index 3bb82cca..38c5dd17 100644 --- a/install/rhel/5/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/5/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/5/templates/web/nginx/caching.stpl b/install/rhel/5/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/5/templates/web/nginx/caching.stpl +++ b/install/rhel/5/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/5/templates/web/nginx/default.stpl b/install/rhel/5/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/5/templates/web/nginx/default.stpl +++ b/install/rhel/5/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/5/templates/web/nginx/hosting.stpl b/install/rhel/5/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/5/templates/web/nginx/hosting.stpl +++ b/install/rhel/5/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/5/templates/web/nginx/http2.stpl b/install/rhel/5/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/rhel/5/templates/web/nginx/http2.stpl +++ b/install/rhel/5/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/5/templates/web/nginx/http2.tpl b/install/rhel/5/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/rhel/5/templates/web/nginx/http2.tpl +++ b/install/rhel/5/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/5/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/6/pma/config.inc.conf b/install/rhel/6/pma/config.inc.conf index 47ae207e..f7584089 100644 --- a/install/rhel/6/pma/config.inc.conf +++ b/install/rhel/6/pma/config.inc.conf @@ -16,6 +16,12 @@ */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ diff --git a/install/rhel/6/templates/web/httpd/basedir.stpl b/install/rhel/6/templates/web/httpd/basedir.stpl index 4ced9f38..2a3f9fbd 100644 --- a/install/rhel/6/templates/web/httpd/basedir.stpl +++ b/install/rhel/6/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/6/templates/web/httpd/hosting.stpl b/install/rhel/6/templates/web/httpd/hosting.stpl index f1c1c111..06bd6183 100644 --- a/install/rhel/6/templates/web/httpd/hosting.stpl +++ b/install/rhel/6/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/6/templates/web/httpd/phpcgi.stpl b/install/rhel/6/templates/web/httpd/phpcgi.stpl index 591693a4..d544411c 100644 --- a/install/rhel/6/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/6/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/6/templates/web/httpd/phpfcgid.stpl b/install/rhel/6/templates/web/httpd/phpfcgid.stpl index 3bb82cca..38c5dd17 100644 --- a/install/rhel/6/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/6/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/6/templates/web/nginx/caching.stpl b/install/rhel/6/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/6/templates/web/nginx/caching.stpl +++ b/install/rhel/6/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/6/templates/web/nginx/default.stpl b/install/rhel/6/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/6/templates/web/nginx/default.stpl +++ b/install/rhel/6/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/6/templates/web/nginx/hosting.stpl b/install/rhel/6/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/6/templates/web/nginx/hosting.stpl +++ b/install/rhel/6/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/6/templates/web/nginx/http2.stpl b/install/rhel/6/templates/web/nginx/http2.stpl index 40e79aef..cfdb9188 100644 --- a/install/rhel/6/templates/web/nginx/http2.stpl +++ b/install/rhel/6/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/6/templates/web/nginx/http2.tpl b/install/rhel/6/templates/web/nginx/http2.tpl index 826276bd..b20e2922 100644 --- a/install/rhel/6/templates/web/nginx/http2.tpl +++ b/install/rhel/6/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/6/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/7/dovecot/conf.d/15-mailboxes.conf b/install/rhel/7/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 00000000..7b2bab97 --- /dev/null +++ b/install/rhel/7/dovecot/conf.d/15-mailboxes.conf @@ -0,0 +1,29 @@ +## Mailbox definitions +## + + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = subscribe + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + mailbox "Sent Messages" { + special_use = \Sent + } +} diff --git a/install/rhel/7/pma/config.inc.conf b/install/rhel/7/pma/config.inc.conf index 47ae207e..1a65fd6c 100644 --- a/install/rhel/7/pma/config.inc.conf +++ b/install/rhel/7/pma/config.inc.conf @@ -4,24 +4,32 @@ * phpMyAdmin sample configuration, you can use it as base for * manual configuration. For easier setup you can use setup/ * - * All directives are explained in Documentation.html and on phpMyAdmin - * wiki . + * All directives are explained in documentation in the doc/ folder + * or at . * - * @package phpMyAdmin + * @package PhpMyAdmin */ -/* +/** * This is needed for cookie based authentication to encrypt password in - * cookie + * cookie. Needs to be 32 chars long. */ $cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ +/** +======= +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* * Servers configuration */ $i = 0; -/* +/** * First server */ $i++; @@ -29,44 +37,64 @@ $i++; $cfg['Servers'][$i]['auth_type'] = 'cookie'; /* Server parameters */ $cfg['Servers'][$i]['host'] = 'localhost'; -$cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['compress'] = false; -/* Select mysqli if your server has it */ -$cfg['Servers'][$i]['extension'] = 'mysql'; $cfg['Servers'][$i]['AllowNoPassword'] = false; -/* +/** * phpMyAdmin configuration storage settings. */ /* User used to manipulate with storage */ -// $cfg['Servers'][$i]['controluser'] = 'pma'; -// $cfg['Servers'][$i]['controlpass'] = 'pmapass'; +$cfg['Servers'][$i]['controlhost'] = ''; +$cfg['Servers'][$i]['controlport'] = ''; +$cfg['Servers'][$i]['controluser'] = 'phpmyadmin'; +$cfg['Servers'][$i]['controlpass'] = '%phpmyadmin_pass%'; /* Storage database and tables */ -// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; -// $cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark'; -// $cfg['Servers'][$i]['relation'] = 'pma_relation'; -// $cfg['Servers'][$i]['table_info'] = 'pma_table_info'; -// $cfg['Servers'][$i]['table_coords'] = 'pma_table_coords'; -// $cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages'; -// $cfg['Servers'][$i]['column_info'] = 'pma_column_info'; -// $cfg['Servers'][$i]['history'] = 'pma_history'; -// $cfg['Servers'][$i]['tracking'] = 'pma_tracking'; -// $cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords'; -// $cfg['Servers'][$i]['userconfig'] = 'pma_userconfig'; -/* Contrib / Swekey authentication */ -// $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; +$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin'; +$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; +$cfg['Servers'][$i]['relation'] = 'pma__relation'; +$cfg['Servers'][$i]['table_info'] = 'pma__table_info'; +$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords'; +$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages'; +$cfg['Servers'][$i]['column_info'] = 'pma__column_info'; +$cfg['Servers'][$i]['history'] = 'pma__history'; +$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs'; +$cfg['Servers'][$i]['tracking'] = 'pma__tracking'; +$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig'; +$cfg['Servers'][$i]['recent'] = 'pma__recent'; +$cfg['Servers'][$i]['favorite'] = 'pma__favorite'; +$cfg['Servers'][$i]['users'] = 'pma__users'; +$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups'; +$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding'; +$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; +$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; +$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; +$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; -/* +/** * End of servers configuration */ -/* +/** * Directories for saving/loading files from server */ -$cfg['UploadDir'] = ''; -$cfg['SaveDir'] = ''; +$cfg['UploadDir'] = '/var/lib/phpMyAdmin/upload'; +$cfg['SaveDir'] = '/var/lib/phpMyAdmin/save'; + +/* + * Temp dir for faster beahivour + * +*/ +$cfg['TempDir'] = '/tmp'; + + +/** + * Whether to display icons or text or both icons and text in table row + * action segment. Value can be either of 'icons', 'text' or 'both'. + * default = 'both' + */ +//$cfg['RowActionType'] = 'icons'; /** * Defines whether a user should be displayed a "show all (records)" @@ -78,25 +106,21 @@ $cfg['SaveDir'] = ''; /** * Number of rows displayed when browsing a result set. If the result * set contains more rows, "Previous" and "Next". - * default = 30 + * Possible values: 25, 50, 100, 250, 500 + * default = 25 */ //$cfg['MaxRows'] = 50; /** - * Use graphically less intense menu tabs - * default = false - */ -//$cfg['LightTabs'] = true; - -/** - * disallow editing of binary fields + * Disallow editing of binary fields * valid values are: - * false allow editing - * 'blob' allow editing except for BLOB fields - * 'all' disallow editing - * default = blob + * false allow editing + * 'blob' allow editing except for BLOB fields + * 'noblob' disallow editing except for BLOB fields + * 'all' disallow editing + * default = 'blob' */ -//$cfg['ProtectBinary'] = 'false'; +//$cfg['ProtectBinary'] = false; /** * Default language to use, if not browser-defined or user-defined @@ -107,12 +131,6 @@ $cfg['SaveDir'] = ''; //$cfg['DefaultLang'] = 'en'; //$cfg['DefaultLang'] = 'de'; -/** - * default display direction (horizontal|vertical|horizontalflipped) - */ -//$cfg['DefaultDisplay'] = 'vertical'; - - /** * How many columns should be used for table display of a database? * (a value larger than 1 results in some information being hidden) @@ -131,13 +149,21 @@ $cfg['SaveDir'] = ''; /** * When using DB-based query history, how many entries should be kept? - * * default = 25 */ //$cfg['QueryHistoryMax'] = 100; -/* - * You can find more configuration options in Documentation.html - * or here: http://wiki.phpmyadmin.net/pma/Config +/** + * Whether or not to query the user before sending the error report to + * the phpMyAdmin team when a JavaScript error occurs + * + * Available options + * ('ask' | 'always' | 'never') + * default = 'ask' + */ +//$cfg['SendErrorReports'] = 'always'; + +/** + * You can find more configuration options in the documentation + * in the doc/ folder or at . */ -?> diff --git a/install/rhel/7/templates/web/httpd/basedir.stpl b/install/rhel/7/templates/web/httpd/basedir.stpl index 95221539..210edc13 100644 --- a/install/rhel/7/templates/web/httpd/basedir.stpl +++ b/install/rhel/7/templates/web/httpd/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/rhel/7/templates/web/httpd/hosting.stpl b/install/rhel/7/templates/web/httpd/hosting.stpl index 673c9c01..699c413b 100644 --- a/install/rhel/7/templates/web/httpd/hosting.stpl +++ b/install/rhel/7/templates/web/httpd/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/7/templates/web/httpd/phpcgi.stpl b/install/rhel/7/templates/web/httpd/phpcgi.stpl index 1f7b3547..1eb39e0a 100644 --- a/install/rhel/7/templates/web/httpd/phpcgi.stpl +++ b/install/rhel/7/templates/web/httpd/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/rhel/7/templates/web/httpd/phpfcgid.stpl b/install/rhel/7/templates/web/httpd/phpfcgid.stpl index 6d7e81df..31f09bc1 100644 --- a/install/rhel/7/templates/web/httpd/phpfcgid.stpl +++ b/install/rhel/7/templates/web/httpd/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/rhel/7/templates/web/nginx/caching.stpl b/install/rhel/7/templates/web/nginx/caching.stpl index 67b2f6c2..5e1ac757 100755 --- a/install/rhel/7/templates/web/nginx/caching.stpl +++ b/install/rhel/7/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/rhel/7/templates/web/nginx/default.stpl b/install/rhel/7/templates/web/nginx/default.stpl index 53ad8d1b..22bbd55a 100755 --- a/install/rhel/7/templates/web/nginx/default.stpl +++ b/install/rhel/7/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; diff --git a/install/rhel/7/templates/web/nginx/hosting.stpl b/install/rhel/7/templates/web/nginx/hosting.stpl index aca458a4..c3414149 100755 --- a/install/rhel/7/templates/web/nginx/hosting.stpl +++ b/install/rhel/7/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/httpd/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/rhel/7/templates/web/nginx/http2.stpl b/install/rhel/7/templates/web/nginx/http2.stpl index 76dd2f8e..f225becd 100644 --- a/install/rhel/7/templates/web/nginx/http2.stpl +++ b/install/rhel/7/templates/web/nginx/http2.stpl @@ -1,17 +1,16 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass https://%ip%:%web_ssl_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %sdocroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/7/templates/web/nginx/http2.tpl b/install/rhel/7/templates/web/nginx/http2.tpl index c1fec114..4d5c774b 100644 --- a/install/rhel/7/templates/web/nginx/http2.tpl +++ b/install/rhel/7/templates/web/nginx/http2.tpl @@ -1,14 +1,14 @@ server { listen %ip%:%proxy_port%; server_name %domain_idn% %alias_idn%; - error_log /var/log/httpd/domains/%domain%.error.log error; + error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { proxy_pass http://%ip%:%web_port%; location ~* ^.+\.(%proxy_extentions%)$ { root %docroot%; - access_log /var/log/httpd/domains/%domain%.log combined; - access_log /var/log/httpd/domains/%domain%.bytes bytes; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; expires max; try_files $uri @fallback; } diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl b/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/rhel/7/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/rhel/8/vsftpd/vsftpd.conf b/install/rhel/8/vsftpd/vsftpd.conf new file mode 100644 index 00000000..75e0104f --- /dev/null +++ b/install/rhel/8/vsftpd/vsftpd.conf @@ -0,0 +1,40 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_promiscuous=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key diff --git a/install/ubuntu/12.04/pma/config.inc.php b/install/ubuntu/12.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/12.04/pma/config.inc.php +++ b/install/ubuntu/12.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/12.04/templates/web/apache2/basedir.stpl b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/12.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/12.04/templates/web/apache2/hosting.stpl b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/ubuntu/12.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/12.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.04/templates/web/nginx/caching.stpl b/install/ubuntu/12.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/12.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.04/templates/web/nginx/default.stpl b/install/ubuntu/12.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/12.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/12.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/12.04/templates/web/nginx/http2.stpl b/install/ubuntu/12.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/12.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/12.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/pma/config.inc.php b/install/ubuntu/12.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/12.10/pma/config.inc.php +++ b/install/ubuntu/12.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/12.10/templates/web/apache2/basedir.stpl b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/12.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/12.10/templates/web/apache2/hosting.stpl b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl index 627325e0..e1442ce2 100644 --- a/install/ubuntu/12.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/12.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/12.10/templates/web/nginx/caching.stpl b/install/ubuntu/12.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/12.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.10/templates/web/nginx/default.stpl b/install/ubuntu/12.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/12.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/12.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/12.10/templates/web/nginx/http2.stpl b/install/ubuntu/12.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/12.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/12.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/pma/config.inc.php b/install/ubuntu/13.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/13.04/pma/config.inc.php +++ b/install/ubuntu/13.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/13.04/templates/web/apache2/basedir.stpl b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl index dda3aa76..fe0b5b40 100644 --- a/install/ubuntu/13.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/13.04/templates/web/apache2/hosting.stpl b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl index ce0763ae..be7ef310 100644 --- a/install/ubuntu/13.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl index aa807091..40ce5fb2 100644 --- a/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl index 88cea0e6..5d27efcd 100644 --- a/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/13.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.04/templates/web/nginx/caching.stpl b/install/ubuntu/13.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/13.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.04/templates/web/nginx/default.stpl b/install/ubuntu/13.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/13.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/13.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/13.04/templates/web/nginx/http2.stpl b/install/ubuntu/13.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/13.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/13.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/pma/config.inc.php b/install/ubuntu/13.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/13.10/pma/config.inc.php +++ b/install/ubuntu/13.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/13.10/templates/web/apache2/basedir.stpl b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/13.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/13.10/templates/web/apache2/hosting.stpl b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/13.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/13.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/13.10/templates/web/nginx/caching.stpl b/install/ubuntu/13.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/13.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.10/templates/web/nginx/default.stpl b/install/ubuntu/13.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/13.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/13.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/13.10/templates/web/nginx/http2.stpl b/install/ubuntu/13.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/13.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/13.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/pma/config.inc.php b/install/ubuntu/14.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/14.04/pma/config.inc.php +++ b/install/ubuntu/14.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/14.04/templates/web/apache2/basedir.stpl b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/14.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/14.04/templates/web/apache2/hosting.stpl b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/14.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/14.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.04/templates/web/nginx/caching.stpl b/install/ubuntu/14.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/14.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.04/templates/web/nginx/default.stpl b/install/ubuntu/14.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/14.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/14.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/14.04/templates/web/nginx/http2.stpl b/install/ubuntu/14.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/14.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/14.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/pma/config.inc.php b/install/ubuntu/14.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/14.10/pma/config.inc.php +++ b/install/ubuntu/14.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/14.10/templates/web/apache2/basedir.stpl b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/14.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/14.10/templates/web/apache2/hosting.stpl b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/14.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/14.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/14.10/templates/web/nginx/caching.stpl b/install/ubuntu/14.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/14.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.10/templates/web/nginx/default.stpl b/install/ubuntu/14.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/14.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/14.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/14.10/templates/web/nginx/http2.stpl b/install/ubuntu/14.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/14.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/14.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/pma/config.inc.php b/install/ubuntu/15.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/15.04/pma/config.inc.php +++ b/install/ubuntu/15.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/15.04/templates/web/apache2/basedir.stpl b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/15.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/15.04/templates/web/apache2/hosting.stpl b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/15.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/15.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.04/templates/web/nginx/caching.stpl b/install/ubuntu/15.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/15.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.04/templates/web/nginx/default.stpl b/install/ubuntu/15.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/15.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/15.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/15.04/templates/web/nginx/http2.stpl b/install/ubuntu/15.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/15.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/15.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/pma/config.inc.php b/install/ubuntu/15.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/15.10/pma/config.inc.php +++ b/install/ubuntu/15.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/15.10/templates/web/apache2/basedir.stpl b/install/ubuntu/15.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/15.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/15.10/templates/web/apache2/hosting.stpl b/install/ubuntu/15.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/15.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/15.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/15.10/templates/web/nginx/caching.stpl b/install/ubuntu/15.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/15.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.10/templates/web/nginx/default.stpl b/install/ubuntu/15.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/15.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/15.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/15.10/templates/web/nginx/http2.stpl b/install/ubuntu/15.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/15.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/15.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.04/pma/config.inc.php b/install/ubuntu/16.04/pma/config.inc.php index d8a903e4..fb131d65 100644 --- a/install/ubuntu/16.04/pma/config.inc.php +++ b/install/ubuntu/16.04/pma/config.inc.php @@ -139,6 +139,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/16.04/templates/web/apache2/basedir.stpl b/install/ubuntu/16.04/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/16.04/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/16.04/templates/web/apache2/hosting.stpl b/install/ubuntu/16.04/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/16.04/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl b/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/16.04/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.04/templates/web/nginx/caching.stpl b/install/ubuntu/16.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/16.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.04/templates/web/nginx/default.stpl b/install/ubuntu/16.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/16.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/16.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/16.04/templates/web/nginx/http2.stpl b/install/ubuntu/16.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/16.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/16.04/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.10/pma/config.inc.php b/install/ubuntu/16.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/16.10/pma/config.inc.php +++ b/install/ubuntu/16.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/16.10/templates/web/apache2/basedir.stpl b/install/ubuntu/16.10/templates/web/apache2/basedir.stpl index d978d4c4..2db1d52c 100644 --- a/install/ubuntu/16.10/templates/web/apache2/basedir.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/basedir.stpl @@ -15,7 +15,7 @@ AllowOverride All SSLRequireSSL Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" diff --git a/install/ubuntu/16.10/templates/web/apache2/hosting.stpl b/install/ubuntu/16.10/templates/web/apache2/hosting.stpl index 8892072b..c9c19512 100644 --- a/install/ubuntu/16.10/templates/web/apache2/hosting.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/hosting.stpl @@ -22,7 +22,7 @@ php_admin_flag mysql.allow_persistent off php_admin_flag safe_mode off php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" - php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl index 731355bc..ae560dbe 100644 --- a/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/phpcgi.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp Action phpcgi-script /cgi-bin/php diff --git a/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl index 156c8a91..bc3688d9 100644 --- a/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl +++ b/install/ubuntu/16.10/templates/web/apache2/phpfcgid.stpl @@ -15,7 +15,7 @@ SSLRequireSSL AllowOverride All Options +Includes -Indexes +ExecCGI - php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/ubuntu/16.10/templates/web/nginx/caching.stpl b/install/ubuntu/16.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/16.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.10/templates/web/nginx/default.stpl b/install/ubuntu/16.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/16.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl index d778d633..62620789 100755 --- a/install/ubuntu/16.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; @@ -31,7 +30,7 @@ server { location ~ /\.hg/ {return 404;} location ~ /\.bzr/ {return 404;} - disable_symlinks if_not_owner from=%docroot%; + disable_symlinks if_not_owner from=%sdocroot%; include %home%/%user%/conf/web/snginx.%domain%.conf*; } diff --git a/install/ubuntu/16.10/templates/web/nginx/http2.stpl b/install/ubuntu/16.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/16.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl index 0b351000..e7f3dcc6 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/sendy.stpl @@ -3,7 +3,7 @@ server { server_name %domain_idn% %alias_idn%; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl index 0d933b30..0d9793ae 100644 --- a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -1,7 +1,7 @@ server { listen %ip%:%web_ssl_port%; server_name %domain_idn% %alias_idn%; - root %docroot%; + root %sdocroot%; index index.php index.html index.htm; access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.bytes bytes; diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl new file mode 100644 index 00000000..f33ed507 --- /dev/null +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl new file mode 100644 index 00000000..c0a5239e --- /dev/null +++ b/install/ubuntu/16.10/templates/web/nginx/php-fpm/wordpress2_wp_super_cache.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + set $cache_uri $request_uri; + + if ($request_method = POST) { + set $cache_uri 'null cache'; + } + + if ($query_string != "") { + set $cache_uri 'null cache'; + } + + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php + |wp-.*.php|/feed/|index.php|wp-comments-popup.php + |wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml + |[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { + set $cache_uri 'null cache'; + } + + if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+ + |wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") { + set $cache_uri 'null cache'; + } + + location / { + try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/17.04/pma/config.inc.php b/install/ubuntu/17.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/17.04/pma/config.inc.php +++ b/install/ubuntu/17.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/17.04/templates/web/nginx/caching.stpl b/install/ubuntu/17.04/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/17.04/templates/web/nginx/caching.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.04/templates/web/nginx/default.stpl b/install/ubuntu/17.04/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/17.04/templates/web/nginx/default.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl index d778d633..1ef8994b 100755 --- a/install/ubuntu/17.04/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.04/templates/web/nginx/http2.stpl b/install/ubuntu/17.04/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/17.04/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/17.10/pma/config.inc.php b/install/ubuntu/17.10/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/17.10/pma/config.inc.php +++ b/install/ubuntu/17.10/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/17.10/templates/web/nginx/caching.stpl b/install/ubuntu/17.10/templates/web/nginx/caching.stpl index 5e0e4064..e149b98b 100755 --- a/install/ubuntu/17.10/templates/web/nginx/caching.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/caching.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.10/templates/web/nginx/default.stpl b/install/ubuntu/17.10/templates/web/nginx/default.stpl index fa538060..0e669b3d 100755 --- a/install/ubuntu/17.10/templates/web/nginx/default.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/default.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl index d778d633..1ef8994b 100755 --- a/install/ubuntu/17.10/templates/web/nginx/hosting.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/hosting.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.10/templates/web/nginx/http2.stpl b/install/ubuntu/17.10/templates/web/nginx/http2.stpl index 72e72a90..f225becd 100644 --- a/install/ubuntu/17.10/templates/web/nginx/http2.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/http2.stpl @@ -1,7 +1,6 @@ server { - listen %ip%:%proxy_ssl_port% http2; + listen %ip%:%proxy_ssl_port% ssl http2; server_name %domain_idn% %alias_idn%; - ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl index 0af7ce84..9d984000 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -10,63 +10,53 @@ server { ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl index 030ea952..0d7930fa 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -11,62 +11,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl index 030ea952..6fd64db6 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -11,63 +11,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/17.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf index 55313419..7a20878a 100644 --- a/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf +++ b/install/ubuntu/18.04/dovecot/conf.d/10-mail.conf @@ -2,3 +2,8 @@ mail_privileged_group = mail mail_access_groups = mail mail_location = maildir:%h/mail/%d/%n pop3_uidl_format = %08Xu%08Xv +namespace inbox { + inbox = yes +} +first_valid_uid = 1000 +mbox_write_locks = fcntl diff --git a/install/ubuntu/18.04/dovecot/conf.d/15-mailboxes.conf b/install/ubuntu/18.04/dovecot/conf.d/15-mailboxes.conf new file mode 100644 index 00000000..7b2bab97 --- /dev/null +++ b/install/ubuntu/18.04/dovecot/conf.d/15-mailboxes.conf @@ -0,0 +1,29 @@ +## Mailbox definitions +## + + +# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf. +namespace inbox { + mailbox Drafts { + special_use = \Drafts + auto = subscribe + } + + mailbox Junk { + special_use = \Junk + auto = subscribe + } + + mailbox Trash { + special_use = \Trash + auto = subscribe + } + + mailbox Sent { + special_use = \Sent + auto = subscribe + } + mailbox "Sent Messages" { + special_use = \Sent + } +} diff --git a/install/ubuntu/18.04/dovecot/dovecot.conf b/install/ubuntu/18.04/dovecot/dovecot.conf index 163460ba..0a855351 100644 --- a/install/ubuntu/18.04/dovecot/dovecot.conf +++ b/install/ubuntu/18.04/dovecot/dovecot.conf @@ -2,23 +2,3 @@ protocols = imap pop3 listen = *, :: base_dir = /var/run/dovecot/ !include conf.d/*.conf - -namespace inbox { - type = private - separator = / - prefix = - inbox = yes - - mailbox Sent { - auto = subscribe - special_use = \Sent - } - mailbox Drafts { - auto = subscribe - special_use = \Drafts - } - mailbox Trash { - auto = subscribe - special_use = \Trash - } -} diff --git a/install/ubuntu/18.04/nginx/nginx.conf b/install/ubuntu/18.04/nginx/nginx.conf index dc2cf1dd..790aee49 100644 --- a/install/ubuntu/18.04/nginx/nginx.conf +++ b/install/ubuntu/18.04/nginx/nginx.conf @@ -50,7 +50,6 @@ http { # Compression gzip on; - gzip_vary on; gzip_static on; gzip_vary on; gzip_comp_level 6; diff --git a/install/ubuntu/18.04/pma/config.inc.php b/install/ubuntu/18.04/pma/config.inc.php index a643a065..36093369 100644 --- a/install/ubuntu/18.04/pma/config.inc.php +++ b/install/ubuntu/18.04/pma/config.inc.php @@ -137,6 +137,12 @@ if (!empty($dbname)) { $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/* + * Temp dir for faster beahivour + * + */ +$cfg['TempDir'] = '/tmp'; + /* Support additional configurations */ foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) { diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl index 93f8c55a..6b20ba9d 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.stpl @@ -9,63 +9,53 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - + location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri @rewrite; - expires max; - log_not_found off; - } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl index d1096bff..0ae7568b 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal6.tpl @@ -7,62 +7,52 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + try_files $uri @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl index 917c0c80..041ebba0 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.stpl @@ -10,62 +10,56 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } location / { - try_files $uri /index.php?$query_string; - } + location = /favicon.ico { + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ \..*/.*\.php$ { + return 403; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~ ^/sites/.*/private/ { + return 403; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl index c9729795..6b41f319 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal7.tpl @@ -7,62 +7,56 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + try_files $uri /index.php?$query_string; - } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } error_page 403 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl index 917c0c80..231d9441 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.stpl @@ -10,63 +10,62 @@ server { ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; - location = /favicon.ico { - log_not_found off; - access_log off; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + try_files $uri /index.php?$query_string; - } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } error_page 403 /error/404.html; error_page 404 /error/404.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl index c9729795..452aa9e6 100644 --- a/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/drupal8.tpl @@ -7,64 +7,63 @@ server { access_log /var/log/nginx/domains/%domain%.bytes bytes; error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; } - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } - location ~ /vendor/.*\.php$ { - deny all; - return 404; + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } } - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - error_page 403 /error/404.html; error_page 404 /error/404.html; error_page 500 502 503 504 /error/50x.html; diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/ubuntu/18.04/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/apache2/apache2.conf b/install/ubuntu/18.10/apache2/apache2.conf new file mode 100644 index 00000000..2756132a --- /dev/null +++ b/install/ubuntu/18.10/apache2/apache2.conf @@ -0,0 +1,94 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 30 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/ubuntu/18.10/apache2/status.conf b/install/ubuntu/18.10/apache2/status.conf new file mode 100644 index 00000000..da9d9633 --- /dev/null +++ b/install/ubuntu/18.10/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + Allow from all + diff --git a/install/ubuntu/18.10/bind/named.conf b/install/ubuntu/18.10/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/ubuntu/18.10/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/ubuntu/18.10/clamav/clamd.conf b/install/ubuntu/18.10/clamav/clamd.conf new file mode 100644 index 00000000..4e04356e --- /dev/null +++ b/install/ubuntu/18.10/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean false +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +DetectBrokenExecutables false +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 25M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/ubuntu/18.10/deb_signing.key b/install/ubuntu/18.10/deb_signing.key new file mode 100644 index 00000000..2ad2db8b --- /dev/null +++ b/install/ubuntu/18.10/deb_signing.key @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQENBFJIGbEBCAC8SHOOFo7iDTbnC2GhNZ+uBGCh226Dn1QPoFZNFM/DNakHZ6rD +G3wzr8++eKz4fJual/VLllE2N9XDPuxbozb3LLkcyY1WzJqtIXbXhFGQ/SuIeT+x +QY90XU6t2Ckze2c+zUniAWmJ8GSyVmXOoc9JxAQ1u47wvGXLzrjWXc8u8PNRYXuf +fZplTL+dFu9P0d6lP8FGsV+r9wXvvazpRTz3+H8PKrGCYT55ZQIEdG9Jgamylto2 +oVPFXkwGML+TLw6oeCIBuz2y2vtivphW4MJ3ifQjDj7k3n+DTIxfDFs8lB6VRhhY +2nMHCrcZC6U2mhmXmr6O4s1fu6irBVx05ejPABEBAAG0IFNlcmdoZXkgUm9kaW4g +PHNraWRAdmVzdGFjcC5jb20+iQE4BBMBAgAiBQJSSBmxAhsDBgsJCAcDAgYVCAIJ +CgsEFgIDAQIeAQIXgAAKCRBCxbITCh93FPdqB/93GjV9g+wBfeZYLHQK9MDU2wBb +VloYOJJae6IvYKYQVAJayD3PbHdpxrF8s9e23vdnmb9jKu6jX6oV54EIyqP2HPiN +QYc8wcea+eSHerznBixCtoQh8mtdWGFeN71zU/ig7L5qlOVF/EmxDVZTFUeivFxh +IV6qyBnktQKktE45585yKZyyLtfGoXA54DGK69OtJFh+wdkKEMmUXocMl7wUrxW6 +Cx2CuKeEXEgvwu8mRHQi3S3T9XP456qWEn5dWyMVcP660IzEuZfSJApZusNK7zG3 +WMy0/EuX7xHNY3mcNxTOUN1LsO7iHnhHD9+iKWJo9parGkMZzc92MpjDK/g7uQEN +BFJIGbEBCAC7k5QEA9WQM7E3ceNaeLMrA9lXfuzaNCcySq7ONdVAa5PxzbSKdHvz +QFoL1VFqBTYQ038lbil1XqnoM0zvIfAI3LcpS8sq92El/vPxp6jZh2Ari9Uw7x95 +k2cZMgI67g+zQMGdjVRA155nFQRCgg000xU4F7JA6+WsuLlVUmccsDv7YWJExMtC +YPxiuz5DFu8RALnw4Ckts+dbwsrcvUHhkm9b6RAsdCKjjRpUZjLgdltjH83gUVvt +i1YmdjjsVpt95dtsaG+ad852g/Rk8EdxNMkjPF6HLA67CLADP9wYaj80yPcPtylS +ycvPtcclVeHkFBRVM8xZpQd4iD19MWI1ABEBAAGJAR8EGAECAAkFAlJIGbECGwwA +CgkQQsWyEwofdxQ7tQgAhB0FwTs7L8Qr63DHC2yAnXVxgtTAY1/36CccNXVculyR ++EkLcwahms9AKhz7eQb+Mud+5vH0GRohLp2npgO38CjVUfIP5d+Y6dsthmrkF6p8 +XdV1dVK9vWX+i/YZSw/Mded30Cq4P2Yhq9EaemMT0rtli8lz2NnkZ9dFJZk1lzJC +CZmRpbjSNWqRU4f7qyh21lYk/OC/0XE8fh8CaO23TZ+6gBionoCztwb7NyC9OArN +qYlNnbmh9iNqdblykPS3bkjf34n2xyMgnIehNrM89tk8PY4UfNPhgT1TMD9W3Svq +ynNZvLuF/FIDwDeC1qcfjGbfDn9fXO/lMIIRooQYKQ== +=J2HJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf b/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf b/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf b/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..7a20878a --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-mail.conf @@ -0,0 +1,9 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv +namespace inbox { + inbox = yes +} +first_valid_uid = 1000 +mbox_write_locks = fcntl diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-master.conf b/install/ubuntu/18.10/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf b/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..24cbf3e2 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,5 @@ +ssl = yes +ssl_protocols = !SSLv2 !SSLv3 + +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + #mail_max_userip_connections = 10 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext b/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/ubuntu/18.10/dovecot/dovecot.conf b/install/ubuntu/18.10/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/ubuntu/18.10/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/ubuntu/18.10/exim/dnsbl.conf b/install/ubuntu/18.10/exim/dnsbl.conf new file mode 100644 index 00000000..5166b255 --- /dev/null +++ b/install/ubuntu/18.10/exim/dnsbl.conf @@ -0,0 +1,2 @@ +bl.spamcop.net +zen.spamhaus.org diff --git a/install/ubuntu/18.10/exim/exim4.conf.template b/install/ubuntu/18.10/exim/exim4.conf.template new file mode 100644 index 00000000..c904441f --- /dev/null +++ b/install/ubuntu/18.10/exim/exim4.conf.template @@ -0,0 +1,382 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +add_environment = <; PATH=/bin:/usr/bin +keep_environment = +disable_ipv6 = true + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 5s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lc:${domain:$h_from:}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### +begin acl + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth required + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = * + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{1024K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = debian-spamd:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +userforward: + driver = redirect + check_local_user + file = $home/.forward + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/$domain/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/fwd_only}{true}{false}}}} + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{yes}{no_such_user}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/$domain/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #helo_data = $sender_address_domain + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/$domain/passwd}}}}/mail/$domain/$local_part" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/$domain/autoreply.${local_part}.msg + from = "${local_part}@${domain}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/ubuntu/18.10/exim/spam-blocks.conf b/install/ubuntu/18.10/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/ubuntu/18.10/fail2ban/action.d/vesta.conf b/install/ubuntu/18.10/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf b/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..69670a56 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccesfull Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/ubuntu/18.10/fail2ban/jail.local b/install/ubuntu/18.10/fail2ban/jail.local new file mode 100644 index 00000000..013f81c4 --- /dev/null +++ b/install/ubuntu/18.10/fail2ban/jail.local @@ -0,0 +1,51 @@ +[DEFAULT] +ignoreip = 127.0.0.1/8 + +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog +maxretry = 5 + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log +maxretry = 5 + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 + +[roundcube-auth] +enabled = false +filter = roundcube-auth +port = http,https +logpath = /var/log/roundcube/errors +maxretry = 5 diff --git a/install/ubuntu/18.10/firewall/ports.conf b/install/ubuntu/18.10/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/ubuntu/18.10/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/ubuntu/18.10/firewall/rules.conf b/install/ubuntu/18.10/firewall/rules.conf new file mode 100644 index 00000000..fba98e1e --- /dev/null +++ b/install/ubuntu/18.10/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/ubuntu/18.10/logrotate/apache2 b/install/ubuntu/18.10/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/ubuntu/18.10/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/ubuntu/18.10/logrotate/dovecot b/install/ubuntu/18.10/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/ubuntu/18.10/logrotate/nginx b/install/ubuntu/18.10/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/ubuntu/18.10/logrotate/vesta b/install/ubuntu/18.10/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/ubuntu/18.10/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/ubuntu/18.10/mysql/my-large.cnf b/install/ubuntu/18.10/mysql/my-large.cnf new file mode 100644 index 00000000..7201377c --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-large.cnf @@ -0,0 +1,41 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/mysql/my-medium.cnf b/install/ubuntu/18.10/mysql/my-medium.cnf new file mode 100644 index 00000000..1c10ab9a --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-medium.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/mysql/my-small.cnf b/install/ubuntu/18.10/mysql/my-small.cnf new file mode 100644 index 00000000..26a80478 --- /dev/null +++ b/install/ubuntu/18.10/mysql/my-small.cnf @@ -0,0 +1,40 @@ +[client] +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysqld] +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +!includedir /etc/mysql/conf.d/ diff --git a/install/ubuntu/18.10/nginx/nginx.conf b/install/ubuntu/18.10/nginx/nginx.conf new file mode 100644 index 00000000..790aee49 --- /dev/null +++ b/install/ubuntu/18.10/nginx/nginx.conf @@ -0,0 +1,138 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +error_log /var/log/nginx/error.log; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 60s; + client_body_timeout 60s; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 60s; + keepalive_timeout 30s; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_static on; + gzip_vary on; + gzip_comp_level 6; + gzip_min_length 1024; + gzip_buffers 16 8k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_buffers 32 4k; + proxy_connect_timeout 30s; + proxy_send_timeout 90s; + proxy_read_timeout 90s; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/12; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + #set_real_ip_from 2400:cb00::/32; + #set_real_ip_from 2606:4700::/32; + #set_real_ip_from 2803:f800::/32; + #set_real_ip_from 2405:b500::/32; + #set_real_ip_from 2405:8100::/32; + #set_real_ip_from 2c0f:f248::/32; + #set_real_ip_from 2a06:98c0::/29; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/ubuntu/18.10/nginx/phpmyadmin.inc b/install/ubuntu/18.10/nginx/phpmyadmin.inc new file mode 100644 index 00000000..1feb8546 --- /dev/null +++ b/install/ubuntu/18.10/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin/; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/ubuntu/18.10/nginx/phppgadmin.inc b/install/ubuntu/18.10/nginx/phppgadmin.inc new file mode 100644 index 00000000..cd1e5806 --- /dev/null +++ b/install/ubuntu/18.10/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin/; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.10/nginx/status.conf b/install/ubuntu/18.10/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/ubuntu/18.10/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/ubuntu/18.10/nginx/webmail.inc b/install/ubuntu/18.10/nginx/webmail.inc new file mode 100644 index 00000000..ad66895b --- /dev/null +++ b/install/ubuntu/18.10/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube/; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/ubuntu/18.10/packages/default.pkg b/install/ubuntu/18.10/packages/default.pkg new file mode 100644 index 00000000..c2a93574 --- /dev/null +++ b/install/ubuntu/18.10/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='unlimited' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/gainsboro.pkg b/install/ubuntu/18.10/packages/gainsboro.pkg new file mode 100644 index 00000000..76d7dae2 --- /dev/null +++ b/install/ubuntu/18.10/packages/gainsboro.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='10' +WEB_ALIASES='10' +DNS_DOMAINS='10' +DNS_RECORDS='10' +MAIL_DOMAINS='10' +MAIL_ACCOUNTS='10' +DATABASES='10' +CRON_JOBS='10' +DISK_QUOTA='10000' +BANDWIDTH='10000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='1' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/palegreen.pkg b/install/ubuntu/18.10/packages/palegreen.pkg new file mode 100644 index 00000000..3db5fe57 --- /dev/null +++ b/install/ubuntu/18.10/packages/palegreen.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='hosting' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='50' +WEB_ALIASES='50' +DNS_DOMAINS='50' +DNS_RECORDS='50' +MAIL_DOMAINS='50' +MAIL_ACCOUNTS='50' +DATABASES='50' +CRON_JOBS='50' +DISK_QUOTA='50000' +BANDWIDTH='50000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='5' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/packages/slategrey.pkg b/install/ubuntu/18.10/packages/slategrey.pkg new file mode 100644 index 00000000..d89e796f --- /dev/null +++ b/install/ubuntu/18.10/packages/slategrey.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='default' +PROXY_TEMPLATE='default' +DNS_TEMPLATE='default' +WEB_DOMAINS='100' +WEB_ALIASES='100' +DNS_DOMAINS='100' +DNS_RECORDS='100' +MAIL_DOMAINS='100' +MAIL_ACCOUNTS='100' +DATABASES='100' +CRON_JOBS='100' +DISK_QUOTA='10000' +BANDWIDTH='100000' +NS='ns1.domain.tld,ns2.domain.tld' +SHELL='nologin' +BACKUPS='3' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/ubuntu/18.10/pga/config.inc.php b/install/ubuntu/18.10/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/ubuntu/18.10/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/ubuntu/18.10/pga/phppgadmin.conf b/install/ubuntu/18.10/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/ubuntu/18.10/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/ubuntu/18.10/php-fpm/www.conf b/install/ubuntu/18.10/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/ubuntu/18.10/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/ubuntu/18.10/pma/apache.conf b/install/ubuntu/18.10/pma/apache.conf new file mode 100644 index 00000000..4da6ce84 --- /dev/null +++ b/install/ubuntu/18.10/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext:/usr/share/javascript/ + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/ubuntu/18.10/pma/config.inc.php b/install/ubuntu/18.10/pma/config.inc.php new file mode 100644 index 00000000..a643a065 --- /dev/null +++ b/install/ubuntu/18.10/pma/config.inc.php @@ -0,0 +1,146 @@ + + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 20 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 + + + Umask 002 + IdentLookups off + AllowOverwrite yes + + AllowAll + + diff --git a/install/ubuntu/18.10/roundcube/apache.conf b/install/ubuntu/18.10/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/ubuntu/18.10/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/ubuntu/18.10/roundcube/config.inc.php b/install/ubuntu/18.10/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/ubuntu/18.10/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/ubuntu/18.10/roundcube/main.inc.php b/install/ubuntu/18.10/roundcube/main.inc.php new file mode 100644 index 00000000..32e0d473 --- /dev/null +++ b/install/ubuntu/18.10/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcube/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = false; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail'; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = true; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'larry'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 30 seconds +$rcmail_config['draft_autosave'] = 30; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/ubuntu/18.10/roundcube/vesta.php b/install/ubuntu/18.10/roundcube/vesta.php new file mode 100644 index 00000000..b4a2a6b6 --- /dev/null +++ b/install/ubuntu/18.10/roundcube/vesta.php @@ -0,0 +1,72 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} \ No newline at end of file diff --git a/install/ubuntu/18.10/sudo/admin b/install/ubuntu/18.10/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/ubuntu/18.10/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/ubuntu/18.10/templates/dns/child-ns.tpl b/install/ubuntu/18.10/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/dns/default.tpl b/install/ubuntu/18.10/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/dns/gmail.tpl b/install/ubuntu/18.10/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/ubuntu/18.10/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/ubuntu/18.10/templates/web/apache2/basedir.stpl b/install/ubuntu/18.10/templates/web/apache2/basedir.stpl new file mode 100644 index 00000000..d978d4c4 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/basedir.stpl @@ -0,0 +1,44 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/basedir.tpl b/install/ubuntu/18.10/templates/web/apache2/basedir.tpl new file mode 100644 index 00000000..96c94a1b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/basedir.tpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/default.stpl b/install/ubuntu/18.10/templates/web/apache2/default.stpl new file mode 100644 index 00000000..ec34c279 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/default.stpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/default.tpl b/install/ubuntu/18.10/templates/web/apache2/default.tpl new file mode 100644 index 00000000..3a227015 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/default.tpl @@ -0,0 +1,37 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/hosting.stpl b/install/ubuntu/18.10/templates/web/apache2/hosting.stpl new file mode 100644 index 00000000..8892072b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/hosting.stpl @@ -0,0 +1,49 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/hosting.tpl b/install/ubuntu/18.10/templates/web/apache2/hosting.tpl new file mode 100644 index 00000000..1eb26910 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/hosting.tpl @@ -0,0 +1,43 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value upload_max_filesize 10M + php_admin_value max_execution_time 20 + php_admin_value post_max_size 8M + php_admin_value memory_limit 32M + php_admin_flag mysql.allow_persistent off + php_admin_flag safe_mode off + php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" + php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + + AllowOverride All + + + RMode config + RUidGid %user% %group% + RGroups www-data + + + AssignUserID %user% %group% + + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh b/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh new file mode 100755 index 00000000..6565e103 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.sh @@ -0,0 +1,16 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script='#!/usr/bin/php-cgi -cphp5-cgi.ini' +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/php" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl b/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl new file mode 100644 index 00000000..731355bc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.stpl @@ -0,0 +1,38 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl b/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl new file mode 100644 index 00000000..c6796d29 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpcgi.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + Action phpcgi-script /cgi-bin/php + + SetHandler phpcgi-script + + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh new file mode 100755 index 00000000..e8058249 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.sh @@ -0,0 +1,22 @@ +#!/bin/bash +# Adding php wrapper +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +wrapper_script="#!/bin/sh +PHPRC=/usr/local/lib +export PHPRC +export PHP_FCGI_MAX_REQUESTS=1000 +export PHP_FCGI_CHILDREN=20 +exec /usr/bin/php-cgi +" +wrapper_file="$home_dir/$user/web/$domain/cgi-bin/fcgi-starter" + +echo "$wrapper_script" > $wrapper_file +chown $user:$user $wrapper_file +chmod -f 751 $wrapper_file + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl new file mode 100644 index 00000000..156c8a91 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.stpl @@ -0,0 +1,39 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + SSLRequireSSL + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + php_admin_value open_basedir none + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl new file mode 100644 index 00000000..a4c01269 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/apache2/phpfcgid.tpl @@ -0,0 +1,31 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + Options +Includes -Indexes +ExecCGI + php_admin_value open_basedir %docroot%:%home%/%user%/tmp + php_admin_value upload_tmp_dir %home%/%user%/tmp + php_admin_value session.save_path %home%/%user%/tmp + + SetHandler fcgid-script + + FCGIWrapper %home%/%user%/web/%domain%/cgi-bin/fcgi-starter .php + + + AllowOverride All + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/ubuntu/18.10/templates/web/awstats/awstats.tpl b/install/ubuntu/18.10/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..9a92e0fd --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1 +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/ubuntu/18.10/templates/web/awstats/index.tpl b/install/ubuntu/18.10/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/ubuntu/18.10/templates/web/awstats/nav.tpl b/install/ubuntu/18.10/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.sh b/install/ubuntu/18.10/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.stpl b/install/ubuntu/18.10/templates/web/nginx/caching.stpl new file mode 100755 index 00000000..e149b98b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.stpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/caching.tpl b/install/ubuntu/18.10/templates/web/nginx/caching.tpl new file mode 100755 index 00000000..36761b65 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/caching.tpl @@ -0,0 +1,41 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/default.stpl b/install/ubuntu/18.10/templates/web/nginx/default.stpl new file mode 100755 index 00000000..0e669b3d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/default.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/default.tpl b/install/ubuntu/18.10/templates/web/nginx/default.tpl new file mode 100755 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/default.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.sh b/install/ubuntu/18.10/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.stpl b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl new file mode 100755 index 00000000..1ef8994b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.stpl @@ -0,0 +1,37 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/hosting.tpl b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl new file mode 100755 index 00000000..15961c95 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/hosting.tpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.stpl b/install/ubuntu/18.10/templates/web/nginx/http2.stpl new file mode 100644 index 00000000..f225becd --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/http2.stpl @@ -0,0 +1,35 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/http2.tpl b/install/ubuntu/18.10/templates/web/nginx/http2.tpl new file mode 100644 index 00000000..4d5c774b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/http2.tpl @@ -0,0 +1,33 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..003e9180 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..51f1f408 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..e8dd8bf6 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..96495ee8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..c9387bfb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6b20ba9d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..0ae7568b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri @rewrite; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..041ebba0 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..6b41f319 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,85 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..231d9441 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,93 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..452aa9e6 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,90 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location / { + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + try_files $uri /index.php?$query_string; + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..886b586e --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..8e6e8774 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..5d05ea72 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..23ce8eb8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..10629c65 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..7b3aff96 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..223eb97a --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..5b6e55e8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..b43fdc75 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..0a4a412f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..c9f91854 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..297fe0e8 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\. { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl new file mode 100644 index 00000000..eebb3e42 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.stpl @@ -0,0 +1,105 @@ +server { + listen %ip%:%web_ssl_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl new file mode 100644 index 00000000..2c5c9988 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/vbulletin5.tpl @@ -0,0 +1,100 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # legacy css being handled separate for performance + location = /css\.php { + rewrite ^ /core/css.php break; + } + + # make install available from presentation + location ^~ /install { + rewrite ^/install/ /core/install/ break; + } + + # any request to not existing item gets redirected through routestring + location / { + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + } + + # make admincp available from presentation + location ^~ /admincp { + if (!-f $request_filename) { + rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last; + } + } + + # process any php scripts, not found gets redirected through routestring + location ~ \.php$ { + # handles legacy scripts + if (!-f $request_filename) { + rewrite ^/(.*)$ /index.php?routestring=$1 break; + } + + fastcgi_split_path_info ^(.+\.php)(.*)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_intercept_errors on; + fastcgi_ignore_client_abort off; + fastcgi_connect_timeout 60; + fastcgi_send_timeout 180; + fastcgi_read_timeout 180; + fastcgi_buffers 256 16k; + fastcgi_buffer_size 32k; + fastcgi_temp_file_write_size 256k; + + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..38de83d2 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..39cce361 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..264ca01a --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl b/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl new file mode 100755 index 00000000..ae195617 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/ubuntu/18.10/templates/web/php-fpm/default.tpl b/install/ubuntu/18.10/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl b/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl b/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/403.html b/install/ubuntu/18.10/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/404.html b/install/ubuntu/18.10/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html b/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_html/index.html b/install/ubuntu/18.10/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt b/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html b/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..4f5bb724 --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt b/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/ubuntu/18.10/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/ubuntu/18.10/templates/web/suspend/.htaccess b/install/ubuntu/18.10/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/ubuntu/18.10/templates/web/suspend/index.html b/install/ubuntu/18.10/templates/web/suspend/index.html new file mode 100755 index 00000000..f2d04e1f --- /dev/null +++ b/install/ubuntu/18.10/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

SUSPENDED

+

This website has been suspended.

+
+ Please contact the technical support department. +
+ + diff --git a/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl b/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/ubuntu/18.10/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/ubuntu/18.10/vsftpd/vsftpd.conf b/install/ubuntu/18.10/vsftpd/vsftpd.conf new file mode 100644 index 00000000..75e0104f --- /dev/null +++ b/install/ubuntu/18.10/vsftpd/vsftpd.conf @@ -0,0 +1,40 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_promiscuous=YES +pasv_min_port=12000 +pasv_max_port=12100 +max_per_ip=10 +max_clients=100 +use_localtime=YES +utf8_filesystem=YES +ssl_enable=YES +allow_anon_ssl=NO +require_ssl_reuse=NO +ssl_ciphers=HIGH +ssl_tlsv1=YES +ssl_sslv2=NO +ssl_sslv3=NO +force_local_data_ssl=NO +force_local_logins_ssl=NO +rsa_cert_file=/usr/local/vesta/ssl/certificate.crt +rsa_private_key_file=/usr/local/vesta/ssl/certificate.key diff --git a/install/vst-install-amazon.sh b/install/vst-install-amazon.sh index 8dbdaa14..2bae6418 100644 --- a/install/vst-install-amazon.sh +++ b/install/vst-install-amazon.sh @@ -74,6 +74,9 @@ gen_pass() { echo "$PASS" } +# Defining 32 char blowfish_secret +blowfish_secret=`openssl rand -base64 32`; + # Defining return code check function check_result() { if [ $1 -ne 0 ]; then @@ -1023,7 +1026,7 @@ if [ "$mysql" = 'yes' ]; then cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php - sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php + sed -i "s#%blowfish_secret#$blowfish_secret#g" /etc/phpMyAdmin/config.inc.php fi diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index dc8ce605..5ce97eac 100644 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -247,7 +247,7 @@ if [ "x$(id -u)" != 'x0' ]; then fi # Checking admin user account -if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" @@ -473,6 +473,17 @@ echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list wget $CHOST/deb_signing.key -O deb_signing.key apt-key add deb_signing.key +# Installing jessie backports +if [ "$release" -eq 8 ]; then + if [ ! -e /etc/apt/apt.conf ]; then + echo 'Acquire::Check-Valid-Until "false";' >> /etc/apt/apt.conf + fi + if [ ! -e /etc/apt/sources.list.d/backports.list ]; then + echo "deb http://archive.debian.org/debian jessie-backports main" >\ + /etc/apt/sources.list.d/backports.list + fi +fi + #----------------------------------------------------------# # Backup # @@ -1286,7 +1297,7 @@ if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi diff --git a/install/vst-install-rhel.sh b/install/vst-install-rhel.sh index 385534ec..4ea5154c 100755 --- a/install/vst-install-rhel.sh +++ b/install/vst-install-rhel.sh @@ -19,10 +19,10 @@ codename="${os}_$release" vestacp="$VESTA/install/$VERSION/$release" # Defining software pack for all distros -software="awstats bc bind bind-libs bind-utils clamav-server clamav-update +software="nginx awstats bc bind bind-libs bind-utils clamav-server clamav-update curl dovecot e2fsprogs exim expect fail2ban flex freetype ftp GeoIP httpd ImageMagick iptables-services jwhois lsof mailx mariadb mariadb-server mc - mod_fcgid mod_ruid2 mod_ssl net-tools nginx ntp openssh-clients pcre php + mod_fcgid mod_ruid2 mod_ssl net-tools ntp openssh-clients pcre php php-bcmath php-cli php-common php-fpm php-gd php-imap php-mbstring php-mcrypt phpMyAdmin php-mysql php-pdo phpPgAdmin php-pgsql php-soap php-tidy php-xml php-xmlrpc postgresql postgresql-contrib @@ -691,6 +691,10 @@ chmod a+x /backup # Set directory color echo 'LS_COLORS="$LS_COLORS:di=00;33"' >> /etc/profile +# Register /sbin/nologin and /usr/sbin/nologin +echo "/sbin/nologin" >> /etc/shells +echo "/usr/sbin/nologin" >> /etc/shells + # Changing default systemd interval if [ "$release" -eq '7' ]; then # Hi Lennart @@ -1038,8 +1042,15 @@ if [ "$mysql" = 'yes' ]; then if [ "$apache" = 'yes' ]; then cp -f $vestacp/pma/phpMyAdmin.conf /etc/httpd/conf.d/ fi + mysql < /usr/share/phpMyAdmin/sql/create_tables.sql + p=$(gen_pass) + mysql -e "GRANT ALL ON phpmyadmin.* + TO phpmyadmin@localhost IDENTIFIED BY '$p'" cp -f $vestacp/pma/config.inc.conf /etc/phpMyAdmin/config.inc.php - sed -i "s/%blowfish_secret%/$(gen_pass)/g" /etc/phpMyAdmin/config.inc.php + sed -i "s/%blowfish_secret%/$(gen_pass 32)/g" /etc/phpMyAdmin/config.inc.php + sed -i "s/%phpmyadmin_pass%/$p/g" /etc/phpMyAdmin/config.inc.php + chmod 777 /var/lib/phpMyAdmin/temp + chmod 777 /var/lib/phpMyAdmin/save fi diff --git a/install/vst-install-ubuntu.sh b/install/vst-install-ubuntu.sh index e1ca1044..653f7fc1 100755 --- a/install/vst-install-ubuntu.sh +++ b/install/vst-install-ubuntu.sh @@ -19,17 +19,17 @@ codename="$(lsb_release -s -c)" vestacp="$VESTA/install/$VERSION/$release" # Defining software pack for all distros -software="apache2 apache2.2-common apache2-suexec-custom apache2-utils +software="nginx apache2 apache2.2-common apache2-suexec-custom apache2-utils apparmor-utils awstats bc bind9 bsdmainutils bsdutils clamav-daemon cron curl dnsutils dovecot-imapd dovecot-pop3d e2fslibs e2fsprogs exim4 exim4-daemon-heavy expect fail2ban flex ftp git idn imagemagick libapache2-mod-fcgid libapache2-mod-php libapache2-mod-rpaf - libapache2-mod-ruid2 lsof mc mysql-client mysql-common mysql-server nginx + libapache2-mod-ruid2 lsof mc mysql-client mysql-common mysql-server ntpdate php-cgi php-common php-curl php-fpm phpmyadmin php-mysql phppgadmin php-pgsql postgresql postgresql-contrib proftpd-basic quota roundcube-core roundcube-mysql roundcube-plugins rrdtool rssh spamassassin sudo vesta vesta-ioncube vesta-nginx vesta-php vesta-softaculous - vim-common vsftpd webalizer whois zip" + vim-common vsftpd webalizer whois zip net-tools" # Fix for old releases if [[ ${release:0:2} -lt 16 ]]; then @@ -240,7 +240,7 @@ if [ "x$(id -u)" != 'x0' ]; then fi # Checking admin user account -if [ ! -z "$(grep ^admin: /etc/passwd /etc/group)" ] && [ -z "$force" ]; then +if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ -z "$force" ]; then echo 'Please remove admin user account before proceeding.' echo 'If you want to do it automatically run installer with -f option:' echo -e "Example: bash $0 --force\n" @@ -999,10 +999,18 @@ if [ "$mysql" = 'yes' ]; then cp -f $vestacp/pma/apache.conf /etc/phpmyadmin/ ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin.conf fi - cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ + if [[ ${release:0:2} -ge 18 ]]; then + mysql < /usr/share/phpmyadmin/sql/create_tables.sql + p=$(grep dbpass /etc/phpmyadmin/config-db.php |cut -f 2 -d "'") + mysql -e "GRANT ALL ON phpmyadmin.* + TO phpmyadmin@localhost IDENTIFIED BY '$p'" + else + cp -f $vestacp/pma/config.inc.php /etc/phpmyadmin/ + fi chmod 777 /var/lib/phpmyadmin/tmp fi + #----------------------------------------------------------# # Configure PostgreSQL # #----------------------------------------------------------# @@ -1087,7 +1095,18 @@ fi if [ "$dovecot" = 'yes' ]; then gpasswd -a dovecot mail - cp -rf $vestacp/dovecot /etc/ + if [[ ${release:0:2} -ge 18 ]]; then + cp -r /usr/local/vesta/install/debian/9/dovecot /etc/ + if [ -z "$(grep yes /etc/dovecot/conf.d/10-mail.conf)" ]; then + echo "namespace inbox {" >> /etc/dovecot/conf.d/10-mail.conf + echo " inbox = yes" >> /etc/dovecot/conf.d/10-mail.conf + echo "}" >> /etc/dovecot/conf.d/10-mail.conf + echo "first_valid_uid = 1000" >> /etc/dovecot/conf.d/10-mail.conf + echo "mbox_write_locks = fcntl" >> /etc/dovecot/conf.d/10-mail.conf + fi + else + cp -rf $vestacp/dovecot /etc/ + fi cp -f $vestacp/logrotate/dovecot /etc/logrotate.d/ chown -R root:root /etc/dovecot* update-rc.d dovecot defaults @@ -1136,29 +1155,42 @@ if [ "$exim" = 'yes' ] && [ "$mysql" = 'yes' ]; then cp -f $vestacp/roundcube/apache.conf /etc/roundcube/ ln -s /etc/roundcube/apache.conf /etc/apache2/conf.d/roundcube.conf fi - cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ - cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ - chmod 640 /etc/roundcube/debian-db* - chown root:www-data /etc/roundcube/debian-db* - cp -f $vestacp/roundcube/vesta.php \ - /usr/share/roundcube/plugins/password/drivers/ - cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ - r="$(gen_pass)" - mysql -e "CREATE DATABASE roundcube" - mysql -e "GRANT ALL ON roundcube.* - TO roundcube@localhost IDENTIFIED BY '$r'" - sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php - touch /var/log/roundcube/errors - chmod 640 /var/log/roundcube/errors - chown www-data:adm /var/log/roundcube/errors + + if [[ ${release:0:2} -ge 18 ]]; then + r=$(grep dbpass= /etc/roundcube/debian-db.php |cut -f 2 -d "'") + sed -i "s/default_host.*/default_host'] = 'localhost';/" \ + /etc/roundcube/config.inc.php + sed -i "s/^);/'password');/" /etc/roundcube/config.inc.php + else + r="$(gen_pass)" + cp -f $vestacp/roundcube/main.inc.php /etc/roundcube/ + cp -f $vestacp/roundcube/db.inc.php /etc/roundcube/ + sed -i "s/%password%/$r/g" /etc/roundcube/db.inc.php + fi + if [ "$release" = '16.04' ]; then + # TBD: should be fixed in config repo mv /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php mv /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php chmod 640 /etc/roundcube/debian-db-roundcube.php chown root:www-data /etc/roundcube/debian-db-roundcube.php fi + cp -f $vestacp/roundcube/vesta.php \ + /usr/share/roundcube/plugins/password/drivers/ + cp -f $vestacp/roundcube/config.inc.php /etc/roundcube/plugins/password/ + + mysql -e "CREATE DATABASE roundcube" + mysql -e "GRANT ALL ON roundcube.* + TO roundcube@localhost IDENTIFIED BY '$r'" mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql + + chmod 640 /etc/roundcube/debian-db* + chown root:www-data /etc/roundcube/debian-db* + touch /var/log/roundcube/errors + chmod 640 /var/log/roundcube/errors + chown www-data:adm /var/log/roundcube/errors + php5enmod mcrypt 2>/dev/null phpenmod mcrypt 2>/dev/null if [ "$apache" = 'yes' ]; then @@ -1213,7 +1245,7 @@ if [ ! -z "$(grep ^admin: /etc/passwd)" ] && [ "$force" = 'yes' ]; then mv -f /home/admin $vst_backups/home/ >/dev/null 2>&1 rm -f /tmp/sess_* >/dev/null 2>&1 fi -if [ ! -z "$(grep ^admin: /etc/group)" ] && [ "$force" = 'yes' ]; then +if [ ! -z "$(grep ^admin: /etc/group)" ]; then groupdel admin > /dev/null 2>&1 fi diff --git a/src/deb/ioncube/control b/src/deb/ioncube/control index 9db6cc14..8b264b80 100644 --- a/src/deb/ioncube/control +++ b/src/deb/ioncube/control @@ -1,7 +1,7 @@ Source: vesta-ioncube Package: vesta-ioncube Priority: optional -Version: 0.9.8-23 +Version: 0.9.8-24 Section: admin Maintainer: Serghey Rodin Homepage: https://www.ioncube.com diff --git a/src/rpm/specs/vesta-ioncube.spec b/src/rpm/specs/vesta-ioncube.spec index 54bb5cf4..4dbf3203 100644 --- a/src/rpm/specs/vesta-ioncube.spec +++ b/src/rpm/specs/vesta-ioncube.spec @@ -1,6 +1,6 @@ Name: vesta-ioncube Version: 0.9.8 -Release: 23 +Release: 24 Summary: ionCube Loader Group: System Environment/Base License: "Freely redistributable without restriction" diff --git a/src/rpm/specs/vesta-nginx.spec b/src/rpm/specs/vesta-nginx.spec index ca530cc1..8fb887c9 100644 --- a/src/rpm/specs/vesta-nginx.spec +++ b/src/rpm/specs/vesta-nginx.spec @@ -1,6 +1,6 @@ Name: vesta-nginx Version: 0.9.8 -Release: 23 +Release: 24 Summary: Vesta Control Panel Group: System Environment/Base License: BSD-like diff --git a/src/rpm/specs/vesta-php.spec b/src/rpm/specs/vesta-php.spec index fe5aded9..336e1e77 100644 --- a/src/rpm/specs/vesta-php.spec +++ b/src/rpm/specs/vesta-php.spec @@ -1,6 +1,6 @@ Name: vesta-php Version: 0.9.8 -Release: 23 +Release: 24 Summary: Vesta Control Panel Group: System Environment/Base License: GPL diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index 10830d15..d632cc55 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec @@ -1,6 +1,6 @@ Name: vesta Version: 0.9.8 -Release: 23 +Release: 24 Summary: Vesta Control Panel Group: System Environment/Base License: GPL @@ -68,6 +68,14 @@ fi %config(noreplace) %{_vestadir}/web/css/uploadify.css %changelog +* Mon Apr 18 2019 Serghey Rodin - 0.9.8-24 +- Bugfixes +- Security patches +- LEv2 +- Server LE +- i18n updates + + * Thu Oct 18 2018 Serghey Rodin - 0.9.8-23 - Security fixes diff --git a/upd/add_notifications.sh b/upd/add_notifications.sh index e55c0c74..4aecf68c 100755 --- a/upd/add_notifications.sh +++ b/upd/add_notifications.sh @@ -5,5 +5,4 @@ rm -f /usr/local/vesta/data/users/admin/notifications.conf /usr/local/vesta/bin/v-add-user-notification admin "File Manager" "Browse, copy, edit, view, and retrieve all your web domain files using a fully featured File Manager. Plugin is available for purchase." 'filemanager' /usr/local/vesta/bin/v-add-user-notification admin "Chroot SFTP" "If you want to have SFTP accounts that will be used only to transfer files (and not to SSH), you can purchase and enable SFTP Chroot" /usr/local/vesta/bin/v-add-user-notification admin "Softaculous" "Softaculous is one of the best Auto Installers and it is finally available" -/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-23" "We've made 1478 commits, fixed 29 bugs and merged 141 pull request. As always for more information please read release notes" - +/usr/local/vesta/bin/v-add-user-notification admin "Release 0.9.8-24" "This release is about stability and refinement. We added Let's Encrypt v2 support and added server certificate management tools. For more information please read release notes" diff --git a/web/add/cron/autoupdate/index.php b/web/add/cron/autoupdate/index.php index 53d50c05..90854d9b 100644 --- a/web/add/cron/autoupdate/index.php +++ b/web/add/cron/autoupdate/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { exec (VESTA_CMD."v-add-cron-vesta-autoupdate", $output, $return_var); $_SESSION['error_msg'] = __('Autoupdate has been successfully enabled'); diff --git a/web/add/cron/reports/index.php b/web/add/cron/reports/index.php index 4b0424e3..197c5760 100644 --- a/web/add/cron/reports/index.php +++ b/web/add/cron/reports/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + exec (VESTA_CMD."v-add-cron-reports ".$user, $output, $return_var); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully enabled'); unset($output); diff --git a/web/add/firewall/banlist/index.php b/web/add/firewall/banlist/index.php index 774421e6..a9f616a2 100644 --- a/web/add/firewall/banlist/index.php +++ b/web/add/firewall/banlist/index.php @@ -15,6 +15,12 @@ if ($_SESSION['user'] != 'admin') { // Check POST request if (!empty($_POST['ok'])) { + // Check token + if ((!isset($_POST['token'])) || ($_SESSION['token'] != $_POST['token'])) { + header('location: /login/'); + exit(); + } + // Check empty fields if (empty($_POST['v_chain'])) $errors[] = __('banlist'); if (empty($_POST['v_ip'])) $errors[] = __('ip address'); diff --git a/web/add/ip/index.php b/web/add/ip/index.php index 8746ed08..73f56b38 100644 --- a/web/add/ip/index.php +++ b/web/add/ip/index.php @@ -57,7 +57,7 @@ if (!empty($_POST['ok'])) { // Add IP if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." '".$ip_status."' ".$v_name." ".$v_nat, $output, $return_var); + exec (VESTA_CMD."v-add-sys-ip ".$v_ip." ".$v_netmask." ".$v_interface." ".$v_owner." ".$ip_status." ".$v_name." ".$v_nat, $output, $return_var); check_return_code($return_var,$output); unset($output); $v_owner = $_POST['v_owner']; @@ -75,12 +75,12 @@ if (!empty($_POST['ok'])) { } // List network interfaces -exec (VESTA_CMD."v-list-sys-interfaces 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-interfaces json", $output, $return_var); $interfaces = json_decode(implode('', $output), true); unset($output); // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); diff --git a/web/add/web/index.php b/web/add/web/index.php index e6448c91..d77b8f40 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -118,7 +118,7 @@ if (!empty($_POST['ok'])) { // Add web domain if (empty($_SESSION['error_msg'])) { - exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." 'no' ".$aliases." ".$proxy_ext, $output, $return_var); + exec (VESTA_CMD."v-add-web-domain ".$user." ".$v_domain." ".$v_ip." no ".$aliases." ".$proxy_ext, $output, $return_var); check_return_code($return_var,$output); unset($output); $domain_added = empty($_SESSION['error_msg']); @@ -126,7 +126,7 @@ if (!empty($_POST['ok'])) { // Add DNS domain if (($_POST['v_dns'] == 'on') && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-domain ".$user." ".$v_domain." ".$v_public_ip." '' '' '' '' '' '' '' '' no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -136,7 +136,7 @@ if (!empty($_POST['ok'])) { foreach ($aliases_arr as $alias) { if ($alias != "www.".$_POST['v_domain']) { $alias = escapeshellarg($alias); - exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$user." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -153,7 +153,7 @@ if (!empty($_POST['ok'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && ($_POST['v_proxy'] == 'off') && (empty($_SESSION['error_msg']))) { $ext = escapeshellarg($ext); - exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -195,7 +195,7 @@ if (!empty($_POST['ok'])) { } $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/delete/cron/autoupdate/index.php b/web/delete/cron/autoupdate/index.php index ad670ef0..a58064c0 100644 --- a/web/delete/cron/autoupdate/index.php +++ b/web/delete/cron/autoupdate/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { exec (VESTA_CMD."v-delete-cron-vesta-autoupdate", $output, $return_var); $_SESSION['error_msg'] = __('Autoupdate has been successfully disabled'); diff --git a/web/delete/cron/reports/index.php b/web/delete/cron/reports/index.php index af7df20f..10d422a8 100644 --- a/web/delete/cron/reports/index.php +++ b/web/delete/cron/reports/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + exec (VESTA_CMD."v-delete-cron-reports ".$user, $output, $return_var); $_SESSION['error_msg'] = __('Cronjob email reporting has been successfully disabled'); unset($output); diff --git a/web/edit/backup/exclusions/index.php b/web/edit/backup/exclusions/index.php index bbbb4b3e..f4b854b0 100644 --- a/web/edit/backup/exclusions/index.php +++ b/web/edit/backup/exclusions/index.php @@ -12,7 +12,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { } // List backup exclustions -exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-backup-exclusions ".$user." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/cron/index.php b/web/edit/cron/index.php index 3d8e9922..9f7ffb34 100644 --- a/web/edit/cron/index.php +++ b/web/edit/cron/index.php @@ -20,7 +20,7 @@ if (empty($_GET['job'])) { // List cron job $v_job = escapeshellarg($_GET['job']); -exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-cron-job ".$user." ".$v_job." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); diff --git a/web/edit/db/index.php b/web/edit/db/index.php index 21d394f0..232f6322 100644 --- a/web/edit/db/index.php +++ b/web/edit/db/index.php @@ -20,7 +20,7 @@ if (($_SESSION['user'] == 'admin') && (!empty($_GET['user']))) { // List datbase $v_database = escapeshellarg($_GET['database']); -exec (VESTA_CMD."v-list-database ".$user." ".$v_database." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-database ".$user." ".$v_database." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -42,6 +42,8 @@ if ( $v_suspended == 'yes' ) { $v_status = 'active'; } +$v_database = escapeshellarg($_GET['database']); + // Check POST request if (!empty($_POST['save'])) { $v_username = $user; diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php index 3c2e1e5c..b8cbc4db 100644 --- a/web/edit/dns/index.php +++ b/web/edit/dns/index.php @@ -52,7 +52,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['record_id']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['record_id']))) { $v_domain = escapeshellarg($_GET['domain']); $v_record_id = escapeshellarg($_GET['record_id']); - exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-dns-records ".$user." ".$v_domain." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -88,7 +88,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_dns = 'yes'; unset($output); @@ -97,7 +97,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -106,7 +106,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change SOA record if (($v_soa != $_POST['v_soa']) && (empty($_SESSION['error_msg']))) { $v_soa = escapeshellarg($_POST['v_soa']); - exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-soa ".$v_username." ".$v_domain." ".$v_soa." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -115,7 +115,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change expiriation date if (($v_exp != $_POST['v_exp']) && (empty($_SESSION['error_msg']))) { $v_exp = escapeshellarg($_POST['v_exp']); - exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-exp ".$v_username." ".$v_domain." ".$v_exp." no", $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -123,7 +123,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (empty($_GET['recor // Change domain ttl if (($v_ttl != $_POST['v_ttl']) && (empty($_SESSION['error_msg']))) { $v_ttl = escapeshellarg($_POST['v_ttl']); - exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-dns-domain-ttl ".$v_username." ".$v_domain." ".$v_ttl." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; diff --git a/web/edit/firewall/index.php b/web/edit/firewall/index.php index 18b4be4c..67e039d4 100644 --- a/web/edit/firewall/index.php +++ b/web/edit/firewall/index.php @@ -20,7 +20,7 @@ if (empty($_GET['rule'])) { // List rule $v_rule = escapeshellarg($_GET['rule']); -exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-firewall-rule ".$v_rule." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); diff --git a/web/edit/ip/index.php b/web/edit/ip/index.php index b9eaa581..c7ec6d7a 100644 --- a/web/edit/ip/index.php +++ b/web/edit/ip/index.php @@ -20,7 +20,7 @@ if (empty($_GET['ip'])) { // List ip $v_ip = escapeshellarg($_GET['ip']); -exec (VESTA_CMD."v-list-sys-ip ".$v_ip." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-ip ".$v_ip." json", $output, $return_var); check_return_code($return_var,$output); $data = json_decode(implode('', $output), true); unset($output); @@ -45,7 +45,7 @@ if ( $v_suspended == 'yes' ) { } // List users -exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); @@ -55,13 +55,13 @@ if (!empty($_POST['save'])) { // Change Status if (($v_ipstatus == 'shared') && (empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'dedicated'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." dedicated", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_dedicated = 'yes'; } if (($v_ipstatus == 'dedicated') && (!empty($_POST['v_shared'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." 'shared'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-ip-status ".$v_ip." shared", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_dedicated); diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php index 6c673118..e4451fc5 100644 --- a/web/edit/mail/index.php +++ b/web/edit/mail/index.php @@ -45,7 +45,7 @@ if ((!empty($_GET['domain'])) && (empty($_GET['account']))) { if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_domain = escapeshellarg($_GET['domain']); $v_account = escapeshellarg($_GET['account']); - exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -70,9 +70,12 @@ if ((!empty($_GET['domain'])) && (!empty($_GET['account']))) { $v_date = $data[$v_account]['DATE']; $v_time = $data[$v_account]['TIME']; + $v_domain = escapeshellarg($_GET['domain']); + $v_account = escapeshellarg($_GET['account']); + // Parse autoreply if ( $v_autoreply == 'yes' ) { - exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." '".$v_domain."' '".$v_account."' json", $output, $return_var); + exec (VESTA_CMD."v-list-mail-account-autoreply ".$user." ".$v_domain." ".$v_account." json", $output, $return_var); $autoreply_str = json_decode(implode('', $output), true); unset($output); $v_autoreply_message = $autoreply_str[$v_account]['MSG']; @@ -228,7 +231,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($valiases, $aliases); foreach ($result as $alias) { if ((empty($_SESSION['error_msg'])) && (!empty($alias))) { - exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." '".$alias."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-alias ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($alias), $output, $return_var); check_return_code($return_var,$output); unset($output); } @@ -254,7 +257,7 @@ if ((!empty($_POST['save'])) && (!empty($_GET['domain'])) && (!empty($_GET['acco $result = array_diff($vfwd, $fwd); foreach ($result as $forward) { if ((empty($_SESSION['error_msg'])) && (!empty($forward))) { - exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." '".$forward."'", $output, $return_var); + exec (VESTA_CMD."v-delete-mail-account-forward ".$v_username." ".$v_domain." ".$v_account." ".escapeshellarg($forward), $output, $return_var); check_return_code($return_var,$output); unset($output); } diff --git a/web/edit/package/index.php b/web/edit/package/index.php index 763bfdf4..e8d4eddc 100644 --- a/web/edit/package/index.php +++ b/web/edit/package/index.php @@ -22,7 +22,7 @@ if (empty($_GET['package'])) { // List package $v_package = escapeshellarg($_GET['package']); -exec (VESTA_CMD."v-list-user-package ".$v_package." 'json'", $output, $return_var); +exec (VESTA_CMD."v-list-user-package ".$v_package." json", $output, $return_var); $data = json_decode(implode('', $output), true); unset($output); @@ -203,7 +203,7 @@ if (!empty($_POST['save'])) { fclose($fp); // Save changes - exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." 'yes'", $output, $return_var); + exec (VESTA_CMD."v-add-user-package ".$tmpdir." ".$v_package." yes", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -212,7 +212,7 @@ if (!empty($_POST['save'])) { unset($output); // Propogate new package - exec (VESTA_CMD."v-update-user-package ".$v_package." 'json'", $output, $return_var); + exec (VESTA_CMD."v-update-user-package ".$v_package." json", $output, $return_var); check_return_code($return_var,$output); unset($output); diff --git a/web/edit/server/index.php b/web/edit/server/index.php index a505e214..0743ab17 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -78,20 +78,43 @@ foreach ($backup_types as $backup_type) { } } +// List ssl web domains +exec (VESTA_CMD."v-search-ssl-certificates json", $output, $return_var); +$v_ssl_domains = json_decode(implode('', $output), true); +//$v_vesta_certificate +unset($output); + // List ssl certificate info exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); -$ssl_str = json_decode(implode('', $output), true); +$v_sys_ssl_str = json_decode(implode('', $output), true); unset($output); -$v_ssl_crt = $ssl_str['VESTA']['CRT']; -$v_ssl_key = $ssl_str['VESTA']['KEY']; -$v_ssl_ca = $ssl_str['VESTA']['CA']; -$v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; -$v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; -$v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; -$v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; -$v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; -$v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; -$v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; +$v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; +$v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; +$v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; +$v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; +$v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; +$v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; +$v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; +$v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; +$v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; +$v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + +// List mail ssl certificate info +if (!empty($_SESSION['VESTA_CERTIFICATE'])); { + exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var); + $v_mail_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; + $v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; + $v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; + $v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; + $v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; + $v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; + $v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; + $v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; + $v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; + $v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; +} // Check POST request if (!empty($_POST['save'])) { @@ -186,17 +209,58 @@ if (!empty($_POST['save'])) { // Update mysql pasword if (empty($_SESSION['error_msg'])) { if (!empty($_POST['v_mysql_password'])) { - exec (VESTA_CMD."v-change-database-host-password mysql localhost root '".escapeshellarg($_POST['v_mysql_password'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-database-host-password mysql localhost root ".escapeshellarg($_POST['v_mysql_password']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; } } + + // Delete Mail Domain SSL certificate + if ((!isset($_POST['v_mail_ssl_domain_checkbox'])) && (!empty($_SESSION['MAIL_CERTIFICATE'])) && (empty($_SESSION['error_msg']))) { + unset($_SESSION['MAIL_CERTIFICATE']); + exec (VESTA_CMD."v-delete-sys-mail-ssl", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Updating Mail Domain SSL certificate + if ((isset($_POST['v_mail_ssl_domain_checkbox'])) && (isset($_POST['v_mail_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + if ((!empty($_POST['v_mail_ssl_domain'])) && ($_POST['v_mail_ssl_domain'] != $_SESSION['MAIL_CERTIFICATE'])) { + $v_mail_ssl_str = explode(":", $_POST['v_mail_ssl_domain']); + $v_mail_ssl_user = escapeshellarg($v_mail_ssl_str[0]); + $v_mail_ssl_domain = escapeshellarg($v_mail_ssl_str[1]); + exec (VESTA_CMD."v-add-sys-mail-ssl ".$v_mail_ssl_user." ".$v_mail_ssl_domain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + unset($v_mail_ssl_str); + + if (empty($_SESSION['error_msg'])) { + $_SESSION['MAIL_CERTIFICATE'] = $_POST['v_mail_ssl_domain']; + + // List SSL certificate info + exec (VESTA_CMD."v-list-sys-mail-ssl json", $output, $return_var); + $v_mail_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_mail_ssl_crt = $v_mail_ssl_str['MAIL']['CRT']; + $v_mail_ssl_key = $v_mail_ssl_str['MAIL']['KEY']; + $v_mail_ssl_ca = $v_mail_ssl_str['MAIL']['CA']; + $v_mail_ssl_subject = $v_mail_ssl_str['MAIL']['SUBJECT']; + $v_mail_ssl_aliases = $v_mail_ssl_str['MAIL']['ALIASES']; + $v_mail_ssl_not_before = $v_mail_ssl_str['MAIL']['NOT_BEFORE']; + $v_mail_ssl_not_after = $v_mail_ssl_str['MAIL']['NOT_AFTER']; + $v_mail_ssl_signature = $v_mail_ssl_str['MAIL']['SIGNATURE']; + $v_mail_ssl_pub_key = $v_mail_ssl_str['MAIL']['PUB_KEY']; + $v_mail_ssl_issuer = $v_mail_ssl_str['MAIL']['ISSUER']; + } + } + } + // Update webmail url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) { - exec (VESTA_CMD."v-change-sys-config-value MAIL_URL '".escapeshellarg($_POST['v_mail_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value MAIL_URL ".escapeshellarg($_POST['v_mail_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_mail_adv = 'yes'; @@ -206,7 +270,7 @@ if (!empty($_POST['save'])) { // Update phpMyAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mysql_url'] != $_SESSION['DB_PMA_URL']) { - exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL '".escapeshellarg($_POST['v_mysql_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value DB_PMA_URL ".escapeshellarg($_POST['v_mysql_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; @@ -216,7 +280,7 @@ if (!empty($_POST['save'])) { // Update phpPgAdmin url if (empty($_SESSION['error_msg'])) { if ($_POST['v_pgsql_url'] != $_SESSION['DB_PGA_URL']) { - exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL '".escapeshellarg($_POST['v_pgsql_url'])."'", $output, $return_var); + exec (VESTA_CMD."v-change-sys-config-value DB_PGA_URL ".escapeshellarg($_POST['v_pgsql_url']), $output, $return_var); check_return_code($return_var,$output); unset($output); $v_db_adv = 'yes'; @@ -275,7 +339,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -292,7 +356,7 @@ if (!empty($_POST['save'])) { // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); unset($output); $v_backup_host = escapeshellarg($_POST['v_backup_host']); @@ -300,7 +364,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -322,7 +386,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host '". $v_backup_type ."' '". $v_backup_host ."' '". $v_backup_username ."' '". $v_backup_password ."' '". $v_backup_bpath ."'", $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -339,7 +403,7 @@ if (!empty($_POST['save'])) { // Delete remote backup host if (empty($_SESSION['error_msg'])) { if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) { - exec (VESTA_CMD."v-delete-backup-host '". $v_backup_type ."'", $output, $return_var); + exec (VESTA_CMD."v-delete-backup-host ". $v_backup_type, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = ''; @@ -352,24 +416,67 @@ if (!empty($_POST['save'])) { } } + + + // Delete WEB Domain SSL certificate + if ((!isset($_POST['v_web_ssl_domain_checkbox'])) && (!empty($_SESSION['VESTA_CERTIFICATE'])) && (empty($_SESSION['error_msg']))) { + unset($_SESSION['VESTA_CERTIFICATE']); + exec (VESTA_CMD."v-delete-sys-vesta-ssl", $output, $return_var); + check_return_code($return_var,$output); + unset($output); + } + + // Updating WEB Domain SSL certificate + if ((isset($_POST['v_web_ssl_domain_checkbox'])) && (isset($_POST['v_web_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + + if ((!empty($_POST['v_web_ssl_domain'])) && ($_POST['v_web_ssl_domain'] != $_SESSION['VESTA_CERTIFICATE'])) { + $v_web_ssl_str = explode(":", $_POST['v_web_ssl_domain']); + $v_web_ssl_user = escapeshellarg($v_web_ssl_str[0]); + $v_web_ssl_domain = escapeshellarg($v_web_ssl_str[1]); + exec (VESTA_CMD."v-add-sys-vesta-ssl ".$v_web_ssl_user." ".$v_web_ssl_domain, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + + if (empty($_SESSION['error_msg'])) { + $_SESSION['VESTA_CERTIFICATE'] = $_POST['v_web_ssl_domain']; + + // List SSL certificate info + exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); + $v_sys_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; + $v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; + $v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; + $v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; + $v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; + $v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; + $v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; + $v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; + $v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; + $v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + } + } + } + + // Update SSL certificate - if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) { - if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) { + if ((!empty($_POST['v_sys_ssl_crt'])) && (empty($_POST['v_web_ssl_domain'])) && (empty($_SESSION['error_msg']))) { + if (($v_sys_ssl_crt != str_replace("\r\n", "\n", $_POST['v_sys_ssl_crt'])) || ($v_sys_ssl_key != str_replace("\r\n", "\n", $_POST['v_sys_ssl_key']))) { exec ('mktemp -d', $mktemp_output, $return_var); $tmpdir = $mktemp_output[0]; // Certificate - if (!empty($_POST['v_ssl_crt'])) { + if (!empty($_POST['v_sys_ssl_crt'])) { $fp = fopen($tmpdir."/certificate.crt", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_sys_ssl_crt'])); fwrite($fp, "\n"); fclose($fp); } // Key - if (!empty($_POST['v_ssl_key'])) { + if (!empty($_POST['v_sys_ssl_key'])) { $fp = fopen($tmpdir."/certificate.key", 'w'); - fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_sys_ssl_key'])); fwrite($fp, "\n"); fclose($fp); } @@ -378,20 +485,22 @@ if (!empty($_POST['save'])) { check_return_code($return_var,$output); unset($output); - // List ssl certificate info - exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); - $ssl_str = json_decode(implode('', $output), true); - unset($output); - $v_ssl_crt = $ssl_str['VESTA']['CRT']; - $v_ssl_key = $ssl_str['VESTA']['KEY']; - $v_ssl_ca = $ssl_str['VESTA']['CA']; - $v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; - $v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; - $v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; - $v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; - $v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; - $v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; - $v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; + if (empty($_SESSION['error_msg'])) { + // List ssl certificate info + exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); + $v_sys_ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_sys_ssl_crt = $v_sys_ssl_str['VESTA']['CRT']; + $v_sys_ssl_key = $v_sys_ssl_str['VESTA']['KEY']; + $v_sys_ssl_ca = $v_sys_ssl_str['VESTA']['CA']; + $v_sys_ssl_subject = $v_sys_ssl_str['VESTA']['SUBJECT']; + $v_sys_ssl_aliases = $v_sys_ssl_str['VESTA']['ALIASES']; + $v_sys_ssl_not_before = $v_sys_ssl_str['VESTA']['NOT_BEFORE']; + $v_sys_ssl_not_after = $v_sys_ssl_str['VESTA']['NOT_AFTER']; + $v_sys_ssl_signature = $v_sys_ssl_str['VESTA']['SIGNATURE']; + $v_sys_ssl_pub_key = $v_sys_ssl_str['VESTA']['PUB_KEY']; + $v_sys_ssl_issuer = $v_sys_ssl_str['VESTA']['ISSUER']; + } } } diff --git a/web/edit/web/index.php b/web/edit/web/index.php index 85a278e9..79d79053 100644 --- a/web/edit/web/index.php +++ b/web/edit/web/index.php @@ -36,7 +36,7 @@ $v_cgi = $data[$v_domain]['CGI']; $v_elog = $data[$v_domain]['ELOG']; $v_ssl = $data[$v_domain]['SSL']; if (!empty($v_ssl)) { - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".escapeshellarg($v_domain)." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -117,7 +117,7 @@ if (!empty($_POST['save'])) { // Change web domain IP if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { $v_ip = escapeshellarg($_POST['v_ip']); - exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); $restart_web = 'yes'; $restart_proxy = 'yes'; @@ -129,7 +129,8 @@ if (!empty($_POST['save'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain." json", $output, $return_var); unset($output); if ($return_var == 0 ) { - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." 'no'", $output, $return_var); + $v_ip = escapeshellarg($_POST['v_ip']); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_domain." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -139,10 +140,12 @@ if (!empty($_POST['save'])) { // Change dns ip for each alias if (($v_ip != $_POST['v_ip']) && (empty($_SESSION['error_msg']))) { foreach($valiases as $v_alias ){ - exec (VESTA_CMD."v-list-dns-domain ".$v_username." '".$v_alias."' json", $output, $return_var); + $v_alias = escapeshellarg($v_alias); + exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_alias." json", $output, $return_var); unset($output); if ($return_var == 0 ) { - exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." '".$v_alias."' ".$v_ip, $output, $return_var); + $v_ip = escapeshellarg($_POST['v_ip']); + exec (VESTA_CMD."v-change-dns-domain-ip ".$v_username." ".$v_alias." ".$v_ip, $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -153,7 +156,7 @@ if (!empty($_POST['save'])) { // Change template if (($v_template != $_POST['v_template']) && (empty($_SESSION['error_msg']))) { $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-tpl ".$v_username." ".$v_domain." ".$v_template." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; @@ -173,7 +176,8 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-delete-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); @@ -181,7 +185,7 @@ if (!empty($_POST['save'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." '".$alias."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-dns-on-web-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -196,14 +200,15 @@ if (!empty($_POST['save'])) { $restart_web = 'yes'; $restart_proxy = 'yes'; $v_template = escapeshellarg($_POST['v_template']); - exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".escapeshellarg($alias)." 'no'", $output, $return_var); + $alias = escapeshellarg($alias); + exec (VESTA_CMD."v-add-web-domain-alias ".$v_username." ".$v_domain." ".$alias." no", $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) { exec (VESTA_CMD."v-list-dns-domain ".$v_username." ".$v_domain, $output, $return_var); unset($output); if ($return_var == 0) { - exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".escapeshellarg($alias)." ".$v_ip." no", $output, $return_var); + exec (VESTA_CMD."v-add-dns-on-web-alias ".$v_username." ".$alias." ".$v_ip." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_dns = 'yes'; @@ -223,7 +228,7 @@ if (!empty($_POST['save'])) { // Delete proxy support if ((!empty($_SESSION['PROXY_SYSTEM'])) && (!empty($v_proxy)) && (empty($_POST['v_proxy'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-proxy ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); unset($v_proxy); @@ -240,7 +245,7 @@ if (!empty($_POST['save'])) { if (( $v_proxy_template != $_POST['v_proxy_template']) || ($v_proxy_ext != $ext)) { $ext = str_replace(', ', ",", $ext); if (!empty($_POST['v_proxy_template'])) $v_proxy_template = $_POST['v_proxy_template']; - exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-proxy-tpl ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); $v_proxy_ext = str_replace(',', ', ', $ext); unset($output); @@ -259,7 +264,7 @@ if (!empty($_POST['save'])) { $ext = str_replace(' ', ",", $ext); $v_proxy_ext = str_replace(',', ', ', $ext); } - exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-proxy ".$v_username." ".$v_domain." ".escapeshellarg($v_proxy_template)." ".escapeshellarg($ext)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_proxy = 'yes'; @@ -269,7 +274,7 @@ if (!empty($_POST['save'])) { if (( $v_ssl == 'yes') && (!empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { if ( $v_ssl_home != $_POST['v_ssl_home'] ) { $v_ssl_home = escapeshellarg($_POST['v_ssl_home']); - exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslhome ".$user." ".$v_domain." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); $v_ssl_home = $_POST['v_ssl_home']; $restart_web = 'yes'; @@ -308,13 +313,13 @@ if (!empty($_POST['save'])) { fclose($fp); } - exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." 'no'", $output, $return_var); + exec (VESTA_CMD."v-change-web-domain-sslcert ".$user." ".$v_domain." ".$tmpdir." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$v_domain]['CRT']; @@ -338,7 +343,7 @@ if (!empty($_POST['save'])) { // Delete Lets Encrypt support if (( $v_letsencrypt == 'yes' ) && (empty($_POST['v_letsencrypt'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-letsencrypt-domain ".$user." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -353,7 +358,7 @@ if (!empty($_POST['save'])) { // Delete SSL certificate if (( $v_ssl == 'yes' ) && (empty($_POST['v_ssl'])) && (empty($_SESSION['error_msg']))) { - exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." 'no'", $output, $return_var); + exec (VESTA_CMD."v-delete-web-domain-ssl ".$v_username." ".$v_domain." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl_crt = ''; @@ -367,7 +372,7 @@ if (!empty($_POST['save'])) { // Add Lets Encrypt support if ((!empty($_POST['v_ssl'])) && ( $v_letsencrypt == 'no' ) && (!empty($_POST['v_letsencrypt'])) && empty($_SESSION['error_msg'])) { $l_aliases = str_replace("\n", ',', $v_aliases); - exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." '".$l_aliases."' 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-letsencrypt-domain ".$user." ".$v_domain." ".escapeshellarg($l_aliases)." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_letsencrypt = 'yes'; @@ -415,14 +420,14 @@ if (!empty($_POST['save'])) { fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_ca'])); fclose($fp); } - exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." 'no'", $output, $return_var); + exec (VESTA_CMD."v-add-web-domain-ssl ".$user." ".$v_domain." ".$tmpdir." ".$v_ssl_home." no", $output, $return_var); check_return_code($return_var,$output); unset($output); $v_ssl = 'yes'; $restart_web = 'yes'; $restart_proxy = 'yes'; - exec (VESTA_CMD."v-list-web-domain-ssl ".$user." '".$v_domain."' json", $output, $return_var); + exec (VESTA_CMD."v-list-web-domain-ssl ".$user." ".$v_domain." json", $output, $return_var); $ssl_str = json_decode(implode('', $output), true); unset($output); $v_ssl_crt = $ssl_str[$_POST['v_domain']]['CRT']; diff --git a/web/file_manager/fm_api.php b/web/file_manager/fm_api.php index ac5faa3a..cf4eef82 100644 --- a/web/file_manager/fm_api.php +++ b/web/file_manager/fm_api.php @@ -1,8 +1,8 @@ 'مخدم البريد الالكتروني', 'Antivirus' => 'مضاد الفيروسات', 'AntiSpam' => 'مضاد البريد المزعج سبام', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'رابط WebMail', 'MySQL Support' => 'دعم MySQL', 'phpMyAdmin URL' => 'رابط phpMyAdmin', diff --git a/web/inc/i18n/az.php b/web/inc/i18n/az.php index de5a0352..715043a0 100644 --- a/web/inc/i18n/az.php +++ b/web/inc/i18n/az.php @@ -540,6 +540,7 @@ $LANG['az'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Vebmail URL', 'MySQL Support' => 'MySQL dəstək', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/bg.php b/web/inc/i18n/bg.php index 760b88c1..642e6cfa 100644 --- a/web/inc/i18n/bg.php +++ b/web/inc/i18n/bg.php @@ -553,6 +553,7 @@ $LANG['bg'] = array( 'MAIL Server' => 'Пощенски сървър', 'Antivirus' => 'Антивирус', 'AntiSpam' => 'Антиспам', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Уебмейл адрес', 'MySQL Support' => 'MySQL поддръжкс', 'phpMyAdmin URL' => 'phpMyAdmin адрес', diff --git a/web/inc/i18n/bs.php b/web/inc/i18n/bs.php index 22d997e5..4e2f32e1 100644 --- a/web/inc/i18n/bs.php +++ b/web/inc/i18n/bs.php @@ -559,6 +559,7 @@ $LANG['bs'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/cn.php b/web/inc/i18n/cn.php index 62147871..dd39bc10 100644 --- a/web/inc/i18n/cn.php +++ b/web/inc/i18n/cn.php @@ -10,104 +10,104 @@ */ $LANG['cn'] = array( - 'Packages' => '预设方案', - 'IP' => 'IP 地址', - 'Graphs' => '资源图表', - 'Statistics' => '统计信息', - 'Log' => '系统日志', - 'Server' => '服务器', - 'Services' => '系统服务', + 'Packages' => '用户方案', + 'IP' => 'IP 地址', + 'Graphs' => '资源图表', + 'Statistics' => '统计信息', + 'Log' => '系统日志', + 'Server' => '服务器', + 'Services' => '系统服务', 'Firewall' => '防火墙', - 'Updates' => '系统更新', - 'Log in' => '登录', - 'Log out' => '登出', + 'Updates' => '系统更新', + 'Log in' => '登录', + 'Log out' => '登出', - 'USER' => '用户账户', - 'WEB' => 'Web 服务', - 'DNS' => 'DNS 服务', - 'MAIL' => '邮箱服务', - 'DB' => '数据库', - 'CRON' => '定时任务', - 'BACKUP' => '数据备份', + 'USER' => '用户账户', + 'WEB' => 'Web 服务', + 'DNS' => 'DNS 服务', + 'MAIL' => '邮箱服务', + 'DB' => '数据库', + 'CRON' => '定时任务', + 'BACKUP' => '数据备份', - 'LOGIN' => '登录', - 'RESET PASSWORD' => '重置密码', - 'SEARCH' => '搜索', - 'PACKAGE' => '预设方案', - 'RRD' => '资源图表', - 'STATS' => '统计信息', - 'LOG' => '系统日志', - 'UPDATES' => '系统更新', - 'FIREWALL' => '防火墙', - 'SERVER' => '服务器', - 'MEMORY' => '内存', - 'DISK' => '磁盘', - 'NETWORK' => '网络', - 'Web Log Manager' => 'Web 日志管理', + 'LOGIN' => '登录', + 'RESET PASSWORD' => '重置密码', + 'SEARCH' => '搜索', + 'PACKAGE' => '用户方案', + 'RRD' => '资源图表', + 'STATS' => '统计信息', + 'LOG' => '系统日志', + 'UPDATES' => '系统更新', + 'FIREWALL' => '防火墙', + 'SERVER' => '服务器', + 'MEMORY' => '内存', + 'DISK' => '磁盘', + 'NETWORK' => '网络', + 'Web Log Manager' => 'Web 日志管理', - 'no notifications' => '没有通知', + 'no notifications' => '没有通知', - 'Add User' => '添加用户', - 'Add Domain' => '添加域名', + 'Add User' => '添加用户', + 'Add Domain' => '添加域名', 'Add Web Domain' => '添加网站域名', - 'Add DNS Domain' => '添加DNS域名', - 'Add DNS Record' => '添加DNS记录', - 'Add Mail Domain' => '添加邮箱域名', - 'Add Mail Account' => '添加邮箱账户', - 'Add Database' => '添加数据库', - 'Add Cron Job' => '添加定时任务', - 'Create Backup' => '创建备份', - 'Configure' => '配置', - 'Restore All' => '全部恢复', - 'Add Package' => '添加方案', - 'Add IP' => '添加IP地址', + 'Add DNS Domain' => '添加DNS域名', + 'Add DNS Record' => '添加DNS记录', + 'Add Mail Domain' => '添加邮箱域名', + 'Add Mail Account' => '添加邮箱账户', + 'Add Database' => '添加数据库', + 'Add Cron Job' => '添加定时任务', + 'Create Backup' => '创建备份', + 'Configure' => '配置', + 'Restore All' => '全部恢复', + 'Add Package' => '添加方案', + 'Add IP' => '添加IP地址', 'Add Rule' => '添加规则', 'Ban IP Address' => '封锁IP地址', - 'Search' => '搜索', + 'Search' => '搜索', 'Add one more FTP Account' => '增加一个FTP账户', - 'Overall Statistics' => '整体统计信息', - 'Daily' => '按天', - 'Weekly' => '按周', - 'Monthly' => '按月', - 'Yearly' => '按年', - 'Add' => '添加', - 'Back' => '返回', - 'Save' => '保存', - 'Submit' => '提交', + 'Overall Statistics' => '整体统计信息', + 'Daily' => '按天', + 'Weekly' => '按周', + 'Monthly' => '按月', + 'Yearly' => '按年', + 'Add' => '添加', + 'Back' => '返回', + 'Save' => '保存', + 'Submit' => '提交', - 'toggle all' => '批量操作', - 'apply to selected' => '应用于选中项的操作', - 'rebuild' => '重建', - 'rebuild web' => '重建网站', - 'rebuild dns' => '重建DNS', - 'rebuild mail' => '重建邮箱', - 'rebuild db' => '重建数据库', - 'rebuild cron' => '重建定时任务', - 'update counters' => '更新计数器', - 'suspend' => '暂停', - 'unsuspend' => '解除暂停', - 'delete' => '删除', - 'show per user' => '按用户显示', - 'login as' => '登录至账户', - 'logout' => '登出', - 'edit' => '编辑', - 'open webstats' => '打开网站统计', - 'view logs' => '查看日志', - 'list records' => '列出 %s 条记录', - 'add record' => '添加记录', - 'list accounts' => '列出 %s 个账户', - 'add account' => '添加账户', - 'open webmail' => '打开网页邮箱', - 'list fail2ban' => 'Fail2ban 封锁名单', - 'open %s' => '打开 %s', - 'download' => '下载', - 'restore' => '恢复', - 'configure restore settings' => '配置恢复选项', - 'stop' => '停止', - 'start' => '启动', - 'restart' => '重新启动', - 'update' => '更新', - 'generate' => '生成', + 'toggle all' => '批量操作', + 'apply to selected' => '应用于选中项的操作', + 'rebuild' => '重建', + 'rebuild web' => '重建网站', + 'rebuild dns' => '重建DNS', + 'rebuild mail' => '重建邮箱', + 'rebuild db' => '重建数据库', + 'rebuild cron' => '重建定时任务', + 'update counters' => '更新计数器', + 'suspend' => '暂停', + 'unsuspend' => '解除暂停', + 'delete' => '删除', + 'show per user' => '按用户显示', + 'login as' => '登录至账户', + 'logout' => '登出', + 'edit' => '编辑', + 'open webstats' => '打开网站统计', + 'view logs' => '查看日志', + 'list records' => '列出 %s 条记录', + 'add record' => '添加记录', + 'list accounts' => '列出 %s 个账户', + 'add account' => '添加账户', + 'open webmail' => '打开网页邮箱', + 'list fail2ban' => 'Fail2ban 封锁列表', + 'open %s' => '打开 %s', + 'download' => '下载', + 'restore' => '恢复', + 'configure restore settings' => '配置恢复', + 'stop' => '停止', + 'start' => '启动', + 'restart' => '重新启动', + 'update' => '更新', + 'generate' => '生成', 'Generate CSR' => '生成CSR', 'reread IP' => '重新读取IP', 'enable autoupdate' => '启用自动更新', @@ -116,41 +116,41 @@ $LANG['cn'] = array( 'turn off notifications' => '停用通知', 'configure' => '配置', - 'Adding User' => '添加用户', - 'Editing User' => '编辑用户', - 'Adding Domain' => '添加域名', - 'Editing Domain' => '编辑域名', - 'Adding DNS Domain' => '添加DNS域名', - 'Editing DNS Domain' => '编辑DNS域名', - 'Adding DNS Record' => '添加DNS记录', - 'Editing DNS Record' => '编辑DNS记录', - 'Adding Mail Domain' => '添加邮箱域名', - 'Editing Mail Domain' => '编辑邮箱域名', - 'Adding Mail Account' => '添加邮箱账户', - 'Editing Mail Account' => '编辑邮箱账户', - 'Adding database' => '添加数据库', - 'Editing Cron Job' => '编辑定时任务', - 'Adding Cron Job' => '添加定时任务', - 'Editing Database' => '编辑数据库', - 'Adding Package' => '添加方案', - 'Editing Package' => '编辑方案', - 'Adding IP address' => '添加IP地址', - 'Editing IP Address' => '编辑IP地址', - 'Editing Backup Exclusions' => '配置排除的备份项目', + 'Adding User' => '添加用户', + 'Editing User' => '编辑用户', + 'Adding Domain' => '添加域名', + 'Editing Domain' => '编辑域名', + 'Adding DNS Domain' => '添加DNS域名', + 'Editing DNS Domain' => '编辑DNS域名', + 'Adding DNS Record' => '添加DNS记录', + 'Editing DNS Record' => '编辑DNS记录', + 'Adding Mail Domain' => '添加邮箱域名', + 'Editing Mail Domain' => '编辑邮箱域名', + 'Adding Mail Account' => '添加邮箱账户', + 'Editing Mail Account' => '编辑邮箱账户', + 'Adding database' => '添加数据库', + 'Editing Cron Job' => '编辑定时任务', + 'Adding Cron Job' => '添加定时任务', + 'Editing Database' => '编辑数据库', + 'Adding Package' => '添加方案', + 'Editing Package' => '编辑方案', + 'Adding IP address' => '添加IP地址', + 'Editing IP Address' => '编辑IP地址', + 'Editing Backup Exclusions' => '配置需排除备份的项目', 'Generating CSR' => '生成CSR', - 'Listing' => '列出', - 'Search Results' => '搜索结果', + 'Listing' => '列出', + 'Search Results' => '搜索结果', 'Adding Firewall Rule' => '添加防火墙规则', 'Editing Firewall Rule' => '编辑防火墙规则', - 'Adding IP Address to Banlist' => '添加IP至封锁名单', + 'Adding IP Address to Banlist' => '添加IP至封锁列表', - 'active' => '正常', - 'spnd' => '暂停', - 'suspended' => '已暂停', - 'running' => '运行中', - 'stopped' => '已停止', - 'outdated' => '可升级新版本', - 'updated' => '已是最新版本', + 'active' => '正常', + 'spnd' => '暂停', + 'suspended' => '已暂停', + 'running' => '运行中', + 'stopped' => '已停止', + 'outdated' => '可升级新版本', + 'updated' => '已是最新版本', 'yes' => '是', 'no' => '否', @@ -185,33 +185,33 @@ $LANG['cn'] = array( 'per domain' => '每域名', 'DNS Domains' => 'DNS域名', 'DNS domains' => 'DNS域名', - 'DNS records' => 'DNS记录', + 'DNS records' => 'DNS记录', 'Name Servers' => 'DNS服务器', 'Mail Domains' => '邮箱域名', 'Mail Accounts' => '邮箱账户', 'Cron Jobs' => '定时任务', 'SSH Access' => 'SSH权限', - 'IP Address' => 'IP地址', + 'IP Address' => 'IP地址', 'IP Addresses' => 'IP地址', 'Backups' => '备份', 'Backup System' => '备份系统', - 'backup exclusions' => '排除的备份项目', + 'backup exclusions' => '需排除备份的项目', 'template' => '模板', 'SSL Support' => '启用SSL', 'SSL Home Directory' => 'SSL站点主目录', - 'Lets Encrypt Support' => '采用 Let's Encrypt', - 'Lets Encrypt' => 'Let's Encrypt', + 'Lets Encrypt Support' => '采用 Let's Encrypt', + 'Lets Encrypt' => 'Let's Encrypt', 'Your certificate will be automatically issued in 5 minutes' => '证书将在5分钟内自动完成签发', 'Proxy Support' => '反向代理', 'Proxy Extensions' => '需代理的文件扩展名', 'Web Statistics' => '网站统计', 'Additional FTP Account' => '额外的FTP账户', - 'Path' => '路径', + 'Path' => '路径', 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => '过期', 'Records' => '记录', - 'Serial' => 'Serial', + 'Serial' => '序号', 'Catchall email' => '未知收件人聚合邮箱', 'AntiVirus Support' => '防病毒支持', 'AntiSpam Support' => '防垃圾邮件支持', @@ -221,16 +221,16 @@ $LANG['cn'] = array( 'Autoreply' => '自动回复', 'Forward to' => '转发到', 'Do not store forwarded mail' => '不保留已转发的邮件', - 'IMAP hostname' => 'IMAP 服务器', - 'IMAP port' => 'IMAP 端口', - 'IMAP security' => 'IMAP 安全性', - 'IMAP auth method' => 'IMAP 身份验证', - 'SMTP hostname' => 'SMTP 服务器', - 'SMTP port' => 'SMTP 端口', - 'SMTP security' => 'SMTP 安全性', - 'SMTP auth method' => 'SMTP 身份验证', - 'STARTTLS' => 'STARTTLS', - 'Normal password' => '普通密码', + 'IMAP hostname' => 'IMAP 服务器', + 'IMAP port' => 'IMAP 端口', + 'IMAP security' => 'IMAP 安全类型', + 'IMAP auth method' => 'IMAP 身份验证', + 'SMTP hostname' => 'SMTP 服务器', + 'SMTP port' => 'SMTP 端口', + 'SMTP security' => 'SMTP 安全类型', + 'SMTP auth method' => 'SMTP 身份验证', + 'STARTTLS' => 'STARTTLS', + 'Normal password' => '普通密码', 'database' => '数据库', 'User' => '用户名称', 'Host' => '主机', @@ -249,144 +249,146 @@ $LANG['cn'] = array( 'shared' => '共享', 'dedicated' => '独立', 'Owner' => '归属', - 'Users' => '用户', - 'Load Average' => '平均负载', - 'Memory Usage' => '内存用量', - 'APACHE2 Usage' => 'Apache2 用量', - 'HTTPD Usage' => 'HTTPD 用量', - 'NGINX Usage' => 'NGINX 用量', - 'MySQL Usage on localhost' => 'MySQL用量 (localhost)', - 'PostgreSQL Usage on localhost' => 'PostgreSQL用量 (localhost)', - 'Bandwidth Usage eth0' => '网络流量 (eth0)', - 'Bandwidth Usage eth1' => '网络流量 (eth1)', - 'Bandwidth Usage venet0' => '网络流量 (venet0)', - 'Bandwidth Usage venet1' => '网络流量 (venet1)', - 'Exim Usage' => 'Exim 用量', - 'FTP Usage' => 'FTP 用量', - 'SSH Usage' => 'SSH 用量', - 'reverse proxy' => '反向代理', - 'web server' => 'Web服务', + 'Users' => '用户', + 'Load Average' => '平均负载', + 'Memory Usage' => '内存使用情况', + 'APACHE2 Usage' => 'Apache2 使用情况', + 'HTTPD Usage' => 'HTTPD 使用情况', + 'NGINX Usage' => 'NGINX 使用情况', + 'MySQL Usage on localhost' => 'MySQL 使用情况 (localhost)', + 'PostgreSQL Usage on localhost' => 'PostgreSQL 使用情况 (localhost)', + 'Bandwidth Usage eth0' => '网络使用情况 (eth0)', + 'Bandwidth Usage eth1' => '网络使用情况 (eth1)', + 'Bandwidth Usage venet0' => '网络使用情况 (venet0)', + 'Bandwidth Usage venet1' => '网络使用情况 (venet1)', + 'Bandwidth Usage docker0' => '网络使用情况 (docker0)', + 'Bandwidth Usage docker1' => '网络使用情况 (docker1)', + 'Exim Usage' => 'Exim 使用情况', + 'FTP Usage' => 'FTP 使用情况', + 'SSH Usage' => 'SSH 使用情况', + 'reverse proxy' => '反向代理', + 'web server' => 'Web服务', 'backend server' => '后端服务', //New Keyword for PHP-FPM in SERVER page. - 'dns server' => 'DNS服务', - 'mail server' => '邮箱服务', - 'pop/imap server' => 'POP/IMAP服务', - 'email antivirus' => '邮箱防病毒', - 'email antispam' => '防垃圾邮件', - 'database server' => '数据库服务', - 'ftp server' => 'FTP服务', - 'job scheduler' => '执行定时任务', - 'firewall' => '防火墙服务', - 'brute-force monitor' => '防范暴力攻击', - 'CPU' => 'CPU', - 'Memory' => '内存', - 'Uptime' => '已运行时间', - 'core package' => '核心系统', - 'php interpreter' => 'PHP解释器', - 'internal web server' => '内部Web服务', - 'Version' => '版本', - 'Release' => '发布号', - 'Architecture' => '架构', - 'Object' => '对象', - 'Username' => '用户名称', - 'Password' => '密码', - 'Email' => '电子邮箱', - 'Package' => '方案', - 'Language' => '语言', - 'First Name' => '名字', - 'Last Name' => '姓氏', - 'Send login credentials to email address' => '将登录信息发送到邮箱', - 'Default Template' => '默认模板', - 'Default Name Servers' => '默认DNS服务器', - 'Domain' => '域名', - 'DNS Support' => 'DNS支持', - 'Mail Support' => '邮箱支持', - 'Advanced options' => '高级选项', - 'Basic options' => '基本选项', - 'Aliases' => '别名', - 'SSL Certificate' => 'SSL证书', - 'SSL Key' => 'SSL密钥', - 'SSL Certificate Authority / Intermediate' => 'CA证书或中级证书', + 'dns server' => 'DNS服务', + 'mail server' => '邮箱服务', + 'pop/imap server' => 'POP/IMAP服务', + 'email antivirus' => '邮箱防病毒', + 'email antispam' => '防垃圾邮件', + 'database server' => '数据库服务', + 'ftp server' => 'FTP服务', + 'job scheduler' => '执行定时任务', + 'firewall' => '防火墙服务', + 'brute-force monitor' => '防范暴力攻击', + 'CPU' => 'CPU', + 'Memory' => '内存', + 'Uptime' => '已运行时间', + 'core package' => '核心系统', + 'php interpreter' => 'PHP解释器', + 'internal web server' => '内部Web服务', + 'Version' => '版本', + 'Release' => '发布号', + 'Architecture' => '架构', + 'Object' => '对象', + 'Username' => '用户名称', + 'Password' => '密码', + 'Email' => '电子邮箱', + 'Package' => '方案', + 'Language' => '语言', + 'First Name' => '名字', + 'Last Name' => '姓氏', + 'Send login credentials to email address' => '将登录信息发送到邮箱', + 'Default Template' => '默认模板', + 'Default Name Servers' => '默认DNS服务器', + 'Domain' => '域名', + 'DNS Support' => 'DNS支持', + 'Mail Support' => '邮箱支持', + 'Advanced options' => '高级选项', + 'Basic options' => '基本选项', + 'Aliases' => '别名', + 'SSL Certificate' => 'SSL证书', + 'SSL Key' => 'SSL密钥', + 'SSL Certificate Authority / Intermediate' => 'SSL CA证书 / 中级证书', 'SSL CSR' => 'SSL CSR', - 'optional' => '可选', + 'optional' => '可选', 'internal' => '内部', - 'Statistics Authorization' => '统计授权', - 'Statistics Auth' => '统计验证', - 'Account' => '账户', - 'Prefix will be automaticaly added to username' => '用户名称将会自动添加 %s 前缀', - 'Send FTP credentials to email' => '将FTP登录信息发送到邮箱', - 'Expiration Date' => '到期日期', - 'YYYY-MM-DD' => 'YYYY-MM-DD', - 'Name servers' => 'DNS服务器', - 'Record' => '记录', - 'IP or Value' => 'IP或值', - 'Priority' => '优先级', + 'Statistics Authorization' => '统计授权', + 'Statistics Auth' => '统计验证', + 'Account' => '账户', + 'Prefix will be automaticaly added to username' => '用户名称将会自动添加 %s 前缀', + 'Send FTP credentials to email' => '将FTP登录信息发送到邮箱', + 'Expiration Date' => '到期日期', + 'YYYY-MM-DD' => 'YYYY-MM-DD', + 'Name servers' => 'DNS服务器', + 'Record' => '记录', + 'IP or Value' => 'IP或值', + 'Priority' => '优先级', 'Record Number' => '记录编号', - 'in megabytes' => '以MB为单位', - 'Message' => '信息', - 'use local-part' => '采用 local-part', - 'one or more email addresses' => '一个或更多邮箱地址', - 'Prefix will be automaticaly added to database name and database user' => '数据库名及用户名将会自动添加 %s 前缀', - 'Database' => '数据库名称', - 'Type' => '类型', - 'Minute' => '分', - 'Command' => '指令', - 'Package Name' => '方案名称', - 'Netmask' => '子网掩码', - 'Interface' => '网络接口', - 'Shared' => '共享', - 'Assigned user' => '指定用户', - 'Assigned domain' => '指定域名', + 'in megabytes' => '以MB为单位', + 'Message' => '信息', + 'use local-part' => '使用域内部分', + 'one or more email addresses' => '一个或更多邮箱地址', + 'Prefix will be automaticaly added to database name and database user' => '数据库名及用户名将会自动添加 %s 前缀', + 'Database' => '数据库名称', + 'Type' => '类型', + 'Minute' => '分', + 'Command' => '指令', + 'Package Name' => '方案名称', + 'Netmask' => '子网掩码', + 'Interface' => '网络接口', + 'Shared' => '共享', + 'Assigned user' => '指定用户', + 'Assigned domain' => '指定域名', 'NAT IP association' => 'NAT IP 关联', - 'shell' => 'shell', - 'web domains' => '网站域名', - 'web aliases' => '网站别名', - 'dns records' => 'DNS记录', - 'mail domains' => '邮箱域名', - 'mail accounts' => '邮箱账户', - 'accounts' => '账户', - 'databases' => '数据库', - 'cron jobs' => '定时任务', - 'backups' => '备份', - 'quota' => '配额', - 'day of week' => '星期几', - 'cmd' => '指令', - 'users' => '用户', - 'domains' => '域名', - 'aliases' => '别名', - 'records' => '记录', - 'jobs' => '任务', - 'username' => '用户名称', - 'password' => '密码', - 'type' => '类型', - 'charset' => '编码', - 'domain' => '域名', - 'ip' => 'IP', - 'ip address' => 'IP地址', - 'IP address' => 'IP地址', - 'netmask' => '子网掩码', - 'interface' => '网络接口', - 'assigned user' => '指定用户', - 'ns1' => 'ns1', - 'ns2' => 'ns2', - 'user' => '用户', - 'email' => '邮箱', - 'first name' => '名字', - 'last name' => '姓氏', - 'account' => '账户', - 'ssl certificate' => 'SSL证书', - 'ssl key' => 'SSL密钥', - 'stats user password' => '统计用户账户密码', - 'stats username' => '统计用户名称', - 'stats password' => '统计密码', - 'ftp user password' => 'FTP用户账户密码', - 'ftp user' => 'FTP用户', + 'shell' => 'shell', + 'web domains' => '网站域名', + 'web aliases' => '网站别名', + 'dns records' => 'DNS记录', + 'mail domains' => '邮箱域名', + 'mail accounts' => '邮箱账户', + 'accounts' => '账户', + 'databases' => '数据库', + 'cron jobs' => '定时任务', + 'backups' => '备份', + 'quota' => '配额', + 'day of week' => '星期几', + 'cmd' => '指令', + 'users' => '用户', + 'domains' => '域名', + 'aliases' => '别名', + 'records' => '记录', + 'jobs' => '任务', + 'username' => '用户名称', + 'password' => '密码', + 'type' => '类型', + 'charset' => '编码', + 'domain' => '域名', + 'ip' => 'IP', + 'ip address' => 'IP地址', + 'IP address' => 'IP地址', + 'netmask' => '子网掩码', + 'interface' => '网络接口', + 'assigned user' => '指定用户', + 'ns1' => 'ns1', + 'ns2' => 'ns2', + 'user' => '用户', + 'email' => '邮箱', + 'first name' => '名字', + 'last name' => '姓氏', + 'account' => '账户', + 'ssl certificate' => 'SSL证书', + 'ssl key' => 'SSL密钥', + 'stats user password' => '统计用户账户密码', + 'stats username' => '统计用户名称', + 'stats password' => '统计密码', + 'ftp user password' => 'FTP用户账户密码', + 'ftp user' => 'FTP用户', 'Last 70 lines of %s.%s.log' => '%s.%s.log 的最后 70 行', 'AccessLog' => '访问日志', 'ErrorLog' => '错误日志', 'Download AccessLog' => '下载访问日志', 'Download ErrorLog' => '下载错误日志', 'Country' => '国家地区', - '2 letter code' => '采用 ISO 3166-1 二位代码 如: 中国CN / 美国US', + '2 letter code' => '采用 ISO 3166-1 α-2 二位代码 如: 中国CN / 美国US', 'State / Province' => '州 / 省级', 'City / Locality' => '市 / 地区', 'Organization' => '组织名称', @@ -417,48 +419,48 @@ $LANG['cn'] = array( 'cron' => '任务', 'user dir' => '用户目录', - 'unlimited' => '无限', - '1 account' => '1 个账户', - '%s accounts' => '%s 个账户', - '1 domain' => '1 个域名', - '%s domains' => '%s 个域名', - '1 record' => '1 条记录', - '%s records' => '%s 条记录', - '1 mail account' => '1 个邮箱账户', - '%s mail accounts' => '%s 个邮箱账户', - '1 database' => '1 个数据库', - '%s databases' => '%s 个数据库', - '1 cron job' => '1 个任务', - '%s cron jobs' => '%s 个任务', - '1 archive' => '1 个存档', - '%s archives' => '%s 个存档', - '1 item' => '1 个项目', - '%s items' => '%s 个项目', - '1 package' => '1 个方案', - '%s packages' => '%s 个方案', - '1 IP address' => '1 个IP地址', - '%s IP addresses' => '%s 个IP地址', - '1 month' => '1 个月', - '%s months' => '%s 个月', - '1 log record' => '1 条日志记录', - '%s log records' => '%s 条日志记录', - '1 object' => '1 个对象', - '%s objects' => '%s 个对象', + 'unlimited' => '无限', + '1 account' => '1 个账户', + '%s accounts' => '%s 个账户', + '1 domain' => '1 个域名', + '%s domains' => '%s 个域名', + '1 record' => '1 条记录', + '%s records' => '%s 条记录', + '1 mail account' => '1 个邮箱账户', + '%s mail accounts' => '%s 个邮箱账户', + '1 database' => '1 个数据库', + '%s databases' => '%s 个数据库', + '1 cron job' => '1 个任务', + '%s cron jobs' => '%s 个任务', + '1 archive' => '1 个存档', + '%s archives' => '%s 个存档', + '1 item' => '1 个项目', + '%s items' => '%s 个项目', + '1 package' => '1 个方案', + '%s packages' => '%s 个方案', + '1 IP address' => '1 个IP地址', + '%s IP addresses' => '%s 个IP地址', + '1 month' => '1 个月', + '%s months' => '%s 个月', + '1 log record' => '1 条日志记录', + '%s log records' => '%s 条日志记录', + '1 object' => '1 个对象', + '%s objects' => '%s 个对象', 'no exclusions' => '没有被排除的项目', '1 rule' => '1 条规则', '%s rules' => '%s 条规则', 'There are no currently banned IP' => '目前没有被封锁的IP地址', - 'USER_CREATED_OK' => '用户 %s 已添加成功', - 'WEB_DOMAIN_CREATED_OK' => '网站域名 %s 已添加成功', - 'DNS_DOMAIN_CREATED_OK' => 'DNS域名 %s 已添加成功', - 'DNS_RECORD_CREATED_OK' => '记录 %s.%s 已添加成功', - 'MAIL_DOMAIN_CREATED_OK' => '邮箱域名 %s 已添加成功', - 'MAIL_ACCOUNT_CREATED_OK' => '邮箱账户 %s@%s 已添加成功', - 'DATABASE_CREATED_OK' => '数据库 %s 已添加成功', - 'CRON_CREATED_OK' => '定时任务已添加成功', - 'IP_CREATED_OK' => 'IP地址 %s 已添加成功', - 'PACKAGE_CREATED_OK' => '方案 %s 已添加成功', + 'USER_CREATED_OK' => '用户 %s 已添加成功', + 'WEB_DOMAIN_CREATED_OK' => '网站域名 %s 已添加成功', + 'DNS_DOMAIN_CREATED_OK' => 'DNS域名 %s 已添加成功', + 'DNS_RECORD_CREATED_OK' => '记录 %s.%s 已添加成功', + 'MAIL_DOMAIN_CREATED_OK' => '邮箱域名 %s 已添加成功', + 'MAIL_ACCOUNT_CREATED_OK' => '邮箱账户 %s@%s 已添加成功', + 'DATABASE_CREATED_OK' => '数据库 %s 已添加成功', + 'CRON_CREATED_OK' => '定时任务已添加成功', + 'IP_CREATED_OK' => 'IP地址 %s 已添加成功', + 'PACKAGE_CREATED_OK' => '方案 %s 已添加成功', 'SSL_GENERATED_OK' => 'SSL证书已生成成功', 'RULE_CREATED_OK' => '规则已创建成功', 'BANLIST_CREATED_OK' => 'IP地址已封锁成功', @@ -466,8 +468,8 @@ $LANG['cn'] = array( 'Autoupdate has been successfully disabled' => '自动更新已成功关闭', 'Cronjob email reporting has been successfully enabled' => '定时任务的电子邮件报告已成功启用', 'Cronjob email reporting has been successfully disabled' => '定时任务的电子邮件报告已成功关闭', - 'Changes has been saved.' => '已保存更改', - 'Confirmation' => '确认', + 'Changes has been saved.' => '已保存更改', + 'Confirmation' => '确认', 'DELETE_USER_CONFIRMATION' => '确定要删除用户 %s 吗?', 'SUSPEND_USER_CONFIRMATION' => '确定要暂停用户 %s 吗?', 'UNSUSPEND_USER_CONFIRMATION' => '确定要解除暂停用户 %s 吗?', @@ -486,31 +488,31 @@ $LANG['cn'] = array( 'DELETE_CRON_CONFIRMATION' => '确定要删除定时任务吗?', 'SUSPEND_CRON_CONFIRMATION' => '确定要暂停定时任务吗?', 'UNSUSPEND_CRON_CONFIRMATION' => '确定要解除暂停定时任务吗?', - 'DELETE_BACKUP_CONFIRMATION' => '确定要删除 %s 备份吗?', + 'DELETE_BACKUP_CONFIRMATION' => '确定要删除 %s 备份吗?', 'DELETE_EXCLUSION_CONFIRMATION' => '确定要删除 %s 例外吗?', - 'DELETE_PACKAGE_CONFIRMATION' => '确定要删除方案 %s 吗?', - 'DELETE_IP_CONFIRMATION' => '确定要删除IP地址 %s 吗?', + 'DELETE_PACKAGE_CONFIRMATION' => '确定要删除方案 %s 吗?', + 'DELETE_IP_CONFIRMATION' => '确定要删除IP地址 %s 吗?', 'DELETE_RULE_CONFIRMATION' => '确定要删除规则 #%s 吗?', 'SUSPEND_RULE_CONFIRMATION' => '确定要暂停规则 #%s 吗?', 'UNSUSPEND_RULE_CONFIRMATION' => '确定要解除暂停规则 #%s 吗?', 'LEAVE_PAGE_CONFIRMATION' => '确定要离开当前页吗?', 'RESTART_CONFIRMATION' => '确定要重新启动 %s 吗?', - 'Welcome' => '欢迎', - 'LOGGED_IN_AS' => '以 %s 的身份登录', - 'Error' => '错误', - 'Invalid username or password' => '无效的用户名称或密码', - 'Invalid username or code' => '无效的用户名称或验证码.', - 'Passwords not match' => '密码错误', - 'Please enter valid email address.' => '请输入正确的邮箱', - 'Field "%s" can not be blank.' => '"%s" 不能为空', - 'Password is too short.' => '密码太短 (至少为6个数字+字母)', - 'Error code:' => '错误代码: %s', - 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失败', + 'Welcome' => '欢迎', + 'LOGGED_IN_AS' => '以 %s 的身份登录', + 'Error' => '错误', + 'Invalid username or password' => '无效的用户名称或密码', + 'Invalid username or code' => '无效的用户名称或验证码.', + 'Passwords not match' => '密码错误', + 'Please enter valid email address.' => '请输入正确的邮箱', + 'Field "%s" can not be blank.' => '"%s" 不能为空', + 'Password is too short.' => '密码太短 (至少为6个数字+字母)', + 'Error code:' => '错误代码: %s', + 'SERVICE_ACTION_FAILED' => '"%s" "%s" 失败', 'IP address is in use' => 'IP地址在使用中', - 'BACKUP_SCHEDULED' => '您的要求已加入队列中,备份完成后会以电子邮件通知您 ', - 'BACKUP_EXISTS' => '已经有一个备份正在执行,请等待备份完成后再操作', - 'RESTORE_SCHEDULED' => '您的要求已加入队列中,恢复完成后会以电子邮件通知您', - 'RESTORE_EXISTS' => '已经有一个恢复正在执行,请等待恢复完成后再操作', + 'BACKUP_SCHEDULED' => '您的要求已加入队列中,备份完成后会以电子邮件通知您 ', + 'BACKUP_EXISTS' => '已经有一个备份正在执行,请等待备份完成后再操作', + 'RESTORE_SCHEDULED' => '您的要求已加入队列中,恢复完成后会以电子邮件通知您', + 'RESTORE_EXISTS' => '已经有一个恢复正在执行,请等待恢复完成后再操作', 'WEB_EXCLUSIONS' => '输入域名,每行一个。要排除所有域名请使用 *。要排除特定目录使用以下格式: domain.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => '输入域名,每行一个。要排除所有域名请使用 *', @@ -519,27 +521,27 @@ $LANG['cn'] = array( 'CRON_EXCLUSIONS' => '要排除所有任务请使用 *', 'USER_EXCLUSIONS' => '输入目录名称,每行一个。要排除所有目录请使用 *', - 'Welcome to Vesta Control Panel' => '欢迎来到 Vesta 管理系统', - 'MAIL_FROM' => 'Vesta 管理系统 ', + 'Welcome to Vesta Control Panel' => '欢迎来到 Vesta 管理系统', + 'MAIL_FROM' => 'Vesta 管理系统 ', 'GREETINGS_GORDON_FREEMAN' => "您好, %s %s,\n", 'GREETINGS' => "您好,\n", 'ACCOUNT_READY' => "您的账户已创建成功,并可以开始使用了!\n\nhttps://%s/login/\n用户名称: %s\n密码: %s\n\n--\nVesta Control Panel\n", - 'FTP login credentials' => 'FTP 登录信息', + 'FTP login credentials' => 'FTP 登录信息', 'FTP_ACCOUNT_READY' => "FTP账户已创建成功,并可以开始使用了!\n\n主机名称: %s\n用户名称: %s_%s\n密码: %s\n\n--\nVesta Control Panel\n", - 'Database Credentials' => '数据库登录信息', + 'Database Credentials' => '数据库登录信息', 'DATABASE_READY' => "数据库已添加成功!\n\n数据库名称: %s\n用户名称: %s\n密码: %s\n%s\n\n--\nVesta Control Panel\n", - 'forgot password' => '忘记密码', - 'Confirm' => '确认', - 'New Password' => '新密码', - 'Confirm Password' => '确认密码', - 'Reset' => '重置', - 'Reset Code' => '重置代码', - 'RESET_NOTICE' => '', - 'RESET_CODE_SENT' => '密码重置代码已发送到您的邮箱
', - 'MAIL_RESET_SUBJECT' => '密码重置在 %s', + 'forgot password' => '忘记密码', + 'Confirm' => '确认', + 'New Password' => '新密码', + 'Confirm Password' => '确认密码', + 'Reset' => '重置', + 'Reset Code' => '重置代码', + 'RESET_NOTICE' => '', + 'RESET_CODE_SENT' => '密码重置代码已发送到您的邮箱
', + 'MAIL_RESET_SUBJECT' => '密码重置在 %s', 'PASSWORD_RESET_REQUEST' => '重置密码请点击链接:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\n或者您可以到 https://%s/reset/?action=code&user=%s 输入密码重置代码:\n%s\n\n如果您没有要求重置密码,请忽略此邮件\n\n--\nVesta Control Panel\n', 'Jan' => '01月', @@ -568,6 +570,7 @@ $LANG['cn'] = array( 'MAIL Server' => '邮箱服务器', 'Antivirus' => '防病毒引擎', 'AntiSpam' => '防垃圾邮件', + 'Use Web Domain SSL Certificate' => '采用网站域名SSL证书', 'Webmail URL' => '网页邮箱网址', 'MySQL Support' => 'MySQL 支持', 'phpMyAdmin URL' => '设置 phpMyAdmin 网址', @@ -703,7 +706,7 @@ $LANG['cn'] = array( 'Add File to the Current Selection' => '将文件添加到当前选中区内', 'Select All Files' => '选择所有文件', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - '快捷键的灵感来自旖旎的 GNU Midnight Commander 文件管理器', + '快捷键的灵感来自华丽的 GNU Midnight Commander 文件管理器', 'Licence Key' => '许可密匙', 'Enter License Key' => '输入许可密匙', @@ -712,7 +715,7 @@ $LANG['cn'] = array( 'Disable and Cancel Licence' => '停用并取消许可', 'Licence Activated' => '许可已激活', 'Licence Deactivated' => '许可已停用', - 'Restrict users so that they cannot use SSH and access only their home directory.' => '限制用户,使他们通过 SSH 只能访问自己的主目录。', + 'Restrict users so that they cannot use SSH and access only their home directory.' => '限制用户,对他们禁用 SSH 且只能访问自己的主目录。', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => '功能全面的文件管理器,浏览,复制,编辑,查看和检索你的 Web 文件。', 'This is a commercial module, you would need to purchace license key to enable it.' => '这是商业模块,请购买许可密匙来启用它。', @@ -745,16 +748,16 @@ $LANG['cn'] = array( 'awstats' => 'AWStats', 'Vesta SSL' => 'Vesta SSL', - 'SUBJECT' => '颁发给', + 'SUBJECT' => '使用者', 'ALIASES' => '可选名称', - 'NOT_BEFORE' => '有效期从', + 'NOT_BEFORE' => '有效期自', 'NOT_AFTER' => '有效期至', 'SIGNATURE' => '签名算法', - 'PUB_KEY' => '公钥长度', + 'PUB_KEY' => '密钥大小', 'ISSUER' => '颁发者', 'Use server hostname' => '采用服务器主机名', - 'Use domain hostname' => '采用域名', + 'Use domain hostname' => '采用账户所在域名', 'Use STARTTLS' => '采用 STARTTLS 加密', 'Use SSL / TLS' => '采用 SSL / TLS 加密', 'No encryption' => '不加密', @@ -762,5 +765,5 @@ $LANG['cn'] = array( 'maximum characters length, including prefix' => '包含前缀最多 %s 个字符', - 'Email Credentials' => '电子邮件证书', + 'Email Credentials' => '电子邮件凭据', ); diff --git a/web/inc/i18n/cz.php b/web/inc/i18n/cz.php index f9f291bf..9a0cac79 100644 --- a/web/inc/i18n/cz.php +++ b/web/inc/i18n/cz.php @@ -560,6 +560,7 @@ $LANG['cz'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/da.php b/web/inc/i18n/da.php index 80e78a35..6e0fab72 100644 --- a/web/inc/i18n/da.php +++ b/web/inc/i18n/da.php @@ -561,6 +561,7 @@ $LANG['da'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/de.php b/web/inc/i18n/de.php index 43fc857b..17d1101f 100644 --- a/web/inc/i18n/de.php +++ b/web/inc/i18n/de.php @@ -214,7 +214,7 @@ $LANG['de'] = array( 'Quota' => 'Kontingent', 'Autoreply' => 'Autoreply', 'Forward to' => 'Weiterleiten zu', - 'Do not store forwarded mail' => 'Weiterleitungs Adresse nicht speichern', + 'Do not store forwarded mail' => 'Weitergeleitete E-Mails nicht speichern', 'IMAP hostname' => 'IMAP hostname', 'IMAP port' => 'IMAP port', 'IMAP security' => 'IMAP security', @@ -559,6 +559,7 @@ $LANG['de'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/el.php b/web/inc/i18n/el.php index 7e193523..bef89086 100644 --- a/web/inc/i18n/el.php +++ b/web/inc/i18n/el.php @@ -561,6 +561,7 @@ $LANG['el'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index ed5c1f2e..d7ae290d 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -559,6 +559,7 @@ $LANG['en'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/es.php b/web/inc/i18n/es.php index 212d78a2..6e5ce352 100644 --- a/web/inc/i18n/es.php +++ b/web/inc/i18n/es.php @@ -567,6 +567,7 @@ $LANG['es'] = array( 'MAIL Server' => 'Servidor de Correo', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Utilizar el certificado SSL de un dominio', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Soportar MYSQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/fa.php b/web/inc/i18n/fa.php index 57295481..8355691a 100644 --- a/web/inc/i18n/fa.php +++ b/web/inc/i18n/fa.php @@ -543,6 +543,7 @@ $LANG['fa'] = array( 'MAIL Server' => 'سرور پستی', 'Antivirus' => 'ضد ویروس', 'AntiSpam' => 'ضد هرزنامه', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'نشانی وب میل', 'MySQL Support' => 'پشتیبانی MySQL', 'phpMyAdmin URL' => 'نشانی phpMyAdmin', diff --git a/web/inc/i18n/fi.php b/web/inc/i18n/fi.php index aff1375b..951f8da3 100644 --- a/web/inc/i18n/fi.php +++ b/web/inc/i18n/fi.php @@ -2,7 +2,7 @@ /** * Vesta Finnish language file * OHakala (onni@koodimonni.fi) -* RJuho (juho.rasanen@kotikone.fi) +* RJuho (juho.rasanen@setuppi.fi) * theel0ja (theel0ja@theel0ja.info) */ @@ -40,9 +40,9 @@ $LANG['fi'] = array( 'MEMORY' => 'MUISTI', 'DISK' => 'LEVY', 'NETWORK' => 'VERKKO', - 'Web Log Manager' => 'Web Log Manager', + 'Web Log Manager' => 'Verkkolokimanageri', - 'no notifications' => 'no notifications', + 'no notifications' => 'ei ilmoituksia', 'Add User' => 'Lisää käyttäjä', 'Add Domain' => 'Lisää domaini', @@ -111,7 +111,7 @@ $LANG['fi'] = array( 'disable autoupdate' => 'älä päivitä automaattisesti', 'turn on notifications' => 'päälle ilmoitus', 'turn off notifications' => 'sammuta ilmoitus', - 'configure' => 'configure', + 'configure' => 'määritä', 'Adding User' => 'Lisätään käyttäjää', 'Editing User' => 'Muokataan käyttäjää', @@ -195,14 +195,14 @@ $LANG['fi'] = array( 'template' => 'pohjat', 'SSL Support' => 'SSL-tuki', 'SSL Home Directory' => 'SSL-kotihakemisto', - 'Lets Encrypt Support' => 'Lets Encrypt Support', + 'Lets Encrypt Support' => 'Lets Encrypt Tuki', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => 'Your certificate will be automatically issued in 5 minutes', + 'Your certificate will be automatically issued in 5 minutes' => 'Sertifikaattisi käsitellään viiden minuutin sisään', 'Proxy Support' => 'Proxy-tuki', 'Proxy Extensions' => 'Proxy-laajennukset', 'Web Statistics' => 'Web-tilastot', 'Additional FTP Account' => 'Ylimääräinen FTP-tili', - 'Path' => 'Path', + 'Path' => 'Polku', 'SOA' => 'SOA', 'TTL' => 'TTL', 'Expire' => 'Päättyy', @@ -217,19 +217,19 @@ $LANG['fi'] = array( 'Autoreply' => 'Automaattinen vastaus', 'Forward to' => 'Uudelleenohjaa', 'Do not store forwarded mail' => 'Älä säilytä uudelleenohjattuja viestejä', - 'IMAP hostname' => 'IMAP hostname', - 'IMAP port' => 'IMAP port', - 'IMAP security' => 'IMAP security', - 'IMAP auth method' => 'IMAP auth method', - 'SMTP hostname' => 'SMTP-hostname', - 'SMTP port' => 'SMTP-portti', - 'SMTP security' => 'SMTP-turvallisuus', - 'SMTP auth method' => 'SMTP auth method', + 'IMAP hostname' => 'IMAP osoite', + 'IMAP port' => 'IMAP portti', + 'IMAP security' => 'IMAP turvallisuus', + 'IMAP auth method' => 'IMAP auth-menetelmä', + 'SMTP hostname' => 'SMTP osoite', + 'SMTP port' => 'SMTP portti', + 'SMTP security' => 'SMTP turvallisuus', + 'SMTP auth method' => 'SMTP auth-menetelmä', 'STARTTLS' => 'STARTTLS', 'Normal password' => 'Normaali salasana', 'database' => 'tietokanta', 'User' => 'Käyttäjä', - 'Host' => 'Host', + 'Host' => 'Isäntä', 'Charset' => 'Merkistö', 'Min' => 'Min', 'Hour' => 'Tunti', @@ -243,7 +243,7 @@ $LANG['fi'] = array( 'Domains' => 'Domainit', 'Status' => 'Tila', 'shared' => 'jaetut', - 'dedicated' => 'dedicated', + 'dedicated' => 'omistautunut', 'Owner' => 'Omistaja', 'Users' => 'Käyttäjät', 'Load Average' => 'Keskimääräinen Käyttöaste', @@ -268,8 +268,8 @@ $LANG['fi'] = array( 'database server' => 'tietokantapalvelin', 'ftp server' => 'ftp-palvelin', 'job scheduler' => 'ajastettu työ', //no-idea E: @theel0ja: ajastettu työ would be good. - 'firewall' => 'firewall', - 'brute-force monitor' => 'brute-force monitor', + 'firewall' => 'palomuuri', + 'brute-force monitor' => 'raaka voima monitori', 'CPU' => 'Prosessori', 'Memory' => 'Muisti', 'Uptime' => 'Käyttöaika', @@ -282,7 +282,7 @@ $LANG['fi'] = array( 'Object' => 'Objekti', 'Username' => 'Käyttäjä', 'Password' => 'Salasana', - 'Email' => 'Email', + 'Email' => 'Sähköposti', 'Package' => 'Paketti', 'Language' => 'Kieli', 'First Name' => 'Etunimi', @@ -290,15 +290,15 @@ $LANG['fi'] = array( 'Send login credentials to email address' => 'Lähetä kirjautumistiedot sähköpostilla.', 'Default Template' => 'Oletuspohja', 'Default Name Servers' => 'Oletusnimipalvelimet', - 'Domain' => 'Domain', + 'Domain' => 'Domaini', 'DNS Support' => 'Tarvitsee DNS:n', 'Mail Support' => 'Tarvitsee sähköpostin', 'Advanced options' => 'Lisäasetukset', - 'Basic options' => 'Basic options', + 'Basic options' => 'Perusasetukset', 'Aliases' => 'Aliakset', 'SSL Certificate' => 'SSL-sertifikaatti', 'SSL Key' => 'SSL-avain', - 'SSL Certificate Authority / Intermediate' => 'SSL Certificate Authority / Intermediate', //no-idea + 'SSL Certificate Authority / Intermediate' => 'SSL varmenteen tarjoaja', //no-idea 'SSL CSR' => 'SSL CSR', 'optional' => 'valinnainen', 'internal' => 'sisäinen', @@ -311,12 +311,12 @@ $LANG['fi'] = array( 'YYYY-MM-DD' => 'YYYY-MM-DD', 'Name servers' => 'Nimipalvelimet', 'Record' => 'Tietue', - 'IP or Value' => 'IP or Value', //no-idea + 'IP or Value' => 'IP tai Arvo', //no-idea 'Priority' => 'Prioriteetti', 'Record Number' => 'Tietueen numero', 'in megabytes' => 'megatavuissa', 'Message' => 'Viesti', - 'use local-part' => 'use local-part', //no-idea + 'use local-part' => 'käytä paikallista osaa', //no-idea 'one or more email addresses' => 'yksi tai useampia sähköposteja', 'Prefix will be automaticaly added to database name and database user' => 'Etuliite %s lisätään automaattisesti tietokannan nimeen ja käyttäjään', 'Database' => 'Tietokanta', @@ -324,12 +324,12 @@ $LANG['fi'] = array( 'Minute' => 'Minuutti', 'Command' => 'Käsky', 'Package Name' => 'Paketin nimi', - 'Netmask' => 'Netmask', //no-idea - 'Interface' => 'Interface', //no-idea + 'Netmask' => 'Verkkopeite', //no-idea + 'Interface' => 'Käyttöliittymä', //no-idea 'Shared' => 'Jaettu', 'Assigned user' => 'Määritetty käyttäjä', 'Assigned domain' => 'Määritetty domain', - 'NAT IP association' => 'NAT IP association', //no-idea + 'NAT IP association' => 'NAT IP yhteys', //no-idea 'shell' => 'shell', 'web domains' => 'web-domainit', 'web aliases' => 'web-aliakset', @@ -351,12 +351,12 @@ $LANG['fi'] = array( 'username' => 'käyttäjänimi', 'password' => 'salasana', 'type' => 'tyyppi', - 'charset' => 'charset', + 'charset' => 'merkistö', 'domain' => 'domain', 'ip' => 'ip', 'ip address' => 'ip-osoite', 'IP address' => 'IP-osoite', - 'netmask' => 'netmask', + 'netmask' => 'verkkopeite', 'interface' => 'yhdyskäytävä', 'assigned user' => 'omistaja', 'ns1' => 'ns1', @@ -385,35 +385,35 @@ $LANG['fi'] = array( 'Organization' => 'Organisaatio', 'Action' => 'Toiminta', 'Protocol' => 'Protokolla', - 'Port' => 'Port', + 'Port' => 'Portti', 'Comment' => 'Kommentti', 'Banlist' => 'Bannilista', 'ranges are acceptable' => 'vaihteluvälit ovat hyväksyttäviä', 'CIDR format is supported' => 'CIDR muotoa tuetaan', - 'ACCEPT' => 'ACCEPT', - 'DROP' => 'DROP', + 'ACCEPT' => 'HYVÄKSY', + 'DROP' => 'TIPUTA', 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP' => 'ICMP', 'SSH' => 'SSH', 'FTP' => 'FTP', 'VESTA' => 'VESTA', - 'Add one more Name Server' => 'Add one more Name Server', + 'Add one more Name Server' => 'Lisää vielä yksi nimipalvelin', - 'web domain' => 'web domain', - 'dns domain' => 'dns domain', - 'dns record' => 'dns record', - 'mail domain' => 'mail domain', - 'mail account' => 'mail account', - 'cron job' => 'cron job', + 'web domain' => 'web domaini', + 'dns domain' => 'dns domaini', + 'dns record' => 'dns tietue', + 'mail domain' => 'mail domaini', + 'mail account' => 'mail tili', + 'cron job' => 'cron-tehtävä', 'cron' => 'cron', - 'user dir' => 'user dir', + 'user dir' => 'käyttäjän hakemisto', - 'unlimited' => 'unlimited', + 'unlimited' => 'rajoittamaton', '1 account' => '1 tili', '%s accounts' => '%s tiliä', - '1 domain' => '1 domain', + '1 domain' => '1 domaini', '%s domains' => '%s domainia', '1 record' => '1 tietue', '%s records' => '%s tietuetta', @@ -423,10 +423,10 @@ $LANG['fi'] = array( '%s databases' => '%s tietokantaa', '1 cron job' => '1 cron-tehtävä', '%s cron jobs' => '%s cron-tehtävää', - '1 archive' => '1 archive', - '%s archives' => '%s archives', - '1 item' => '1 item', - '%s items' => '%s items', + '1 archive' => '1 arkisto', + '%s archives' => '%s arkistoa', + '1 item' => '1 kohde', + '%s items' => '%s kohdetta', '1 package' => '1 paketti', '%s packages' => '%s pakettia', '1 IP address' => '1 IP-osoite', @@ -454,11 +454,11 @@ $LANG['fi'] = array( 'PACKAGE_CREATED_OK' => 'Paketti %s lisättiin onnistuneesti.', 'SSL_GENERATED_OK' => 'Sertifikaatti lisättiin onnistuneesti.', 'RULE_CREATED_OK' => 'Sääntö lisättiin onnistuneesti.', - 'BANLIST_CREATED_OK' => 'IP address has been banned successfully', + 'BANLIST_CREATED_OK' => 'IP-osoite on bannattu onnistuneesti', 'Autoupdate has been successfully enabled' => 'Automaattinen päivitys otettu käyttöön', 'Autoupdate has been successfully disabled' => 'Automaattinen päivitys poistettu käytöstä', - 'Cronjob email reporting has been successfully enabled' => 'Cronjob sähköposti raportointi on onnistuneesti mahdollistanut', - 'Cronjob email reporting has been successfully disabled' => 'Cronjob sähköposti raportointi on onnistuneesti poistettu', + 'Cronjob email reporting has been successfully enabled' => 'Ajoitettu sähköposti raportointi onnistuneesti aktivoitu', + 'Cronjob email reporting has been successfully disabled' => 'Ajoitettu sähköposti raportointi onnistuneesti poistettu käytöstä', 'Changes has been saved.' => 'Muutokset tallennettu.', 'Confirmation' => 'Hyväksyntä', 'DELETE_USER_CONFIRMATION' => 'Haluatko varmasti poistaa käyttäjän %s?', @@ -530,7 +530,7 @@ $LANG['fi'] = array( 'Confirm Password' => 'Hyväksy salasana', 'Reset' => 'Nollaa', 'Reset Code' => 'Nollauskoodi', - 'RESET_NOTICE' => '', // should we add something here? + 'RESET_NOTICE' => '', 'RESET_CODE_SENT' => 'Salasanan nollauskoodi on lähetetty sähköpostiisi
', 'MAIL_RESET_SUBJECT' => 'Salana vaihdettiin %s', 'PASSWORD_RESET_REQUEST' => "Nollataksesi hallintapaneelin salasanan, seuraa tätä linkkiä:\nhttps://%s/reset/?action=confirm&user=%s&code=%s\n\nVaihtoehtoisesti voit mennä https://%s/reset/?action=code&user=%s ja syöttää nollauskoodin:\n%s\n\nJos et varta vasten pyytänyt tätä salasananvaihtoa, mene paniikkiin ja ota yhteyttä ylläpitoon.\n\n--\nVesta-hallintapaneeli\n", @@ -549,54 +549,55 @@ $LANG['fi'] = array( 'Dec' => 'Jou', 'Configuring Server' => 'Konfiguroidaan palvelinta', - 'Hostname' => 'Hostname', + 'Hostname' => 'Osoite', 'Time Zone' => 'Aikavyöhyke', 'Default Language' => 'Oletuskieli', 'Proxy Server' => 'Välityspalvelin', 'Web Server' => 'Web Server', - 'Backend Server' => 'Backend Server', - 'Backend Pool Mode' => 'Backend Pool Mode', + 'Backend Server' => 'Taustapalvelin', + 'Backend Pool Mode' => 'Taustapalvelin Allas Tila', 'DNS Server' => 'DNS-palvelin', 'DNS Cluster' => 'DNS-klusteri', 'MAIL Server' => 'MAIL-palvelin', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmailin URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', - 'PostgreSQL Support' => 'PostgreSQL Support', + 'PostgreSQL Support' => 'PostgreSQL Tuki', 'phpPgAdmin URL' => 'phpPgAdmin URL', 'Maximum Number Of Databases' => 'Maksimimäärä tietokantoja', - 'Current Number Of Databases' => 'Current Number Of Databases', + 'Current Number Of Databases' => 'Nykyisten tietokantojen lukumäärä', 'Local backup' => 'Paikallinen varmuuskopio', - 'Compression level' => 'Compression level', + 'Compression level' => 'Pakkausaste', 'Directory' => 'Hakemisto', - 'Remote backup' => 'Remote backup', + 'Remote backup' => 'Etävarmuuskopiointi', 'ftp' => 'FTP', 'sftp' => 'SFTP', 'SFTP Chroot' => 'SFTP Chroot', - 'FileSystem Disk Quota' => 'FileSystem Disk Quota', - 'Vesta Control Panel Plugins' => 'Vesta Control Panel Plugins', - 'preview' => 'preview', - 'Reseller Role' => 'Reseller Role', - 'Web Config Editor' => 'Web Config Editor', - 'Template Manager' => 'Template Manager', - 'Backup Migration Manager' => 'Backup Migration Manager', + 'FileSystem Disk Quota' => 'FileSystem Levykiintiö', + 'Vesta Control Panel Plugins' => 'Vesta Hallintapaneeli Lisäosat', + 'preview' => 'esikatselu', + 'Reseller Role' => 'Jälleenmyyjän Rooli', + 'Web Config Editor' => 'Web-määrityseditori', + 'Template Manager' => 'Pohja Hallinta', + 'Backup Migration Manager' => 'Varmuuskopion Siirtymänhallinta', 'FileManager' => 'FileManager', - 'show: CPU / MEM / NET / DISK' => 'show: CPU / MEM / NET / DISK', + 'show: CPU / MEM / NET / DISK' => 'näytä: CPU / MEM / NET / DISK', - 'sort by' => 'sort by', + 'sort by' => 'järjestä', 'Date' => 'Päivämäärä', - 'Starred' => 'Starred', + 'Starred' => 'Tähditetty', 'Name' => 'Nimi', - 'save to favorites' => 'save to favorites', + 'save to favorites' => 'tallenna suosikkeihin', 'File Manager' => 'Tiedostonhallinta', 'size' => 'koko', 'date' => 'päivämäärä', 'name' => 'nimi', - 'Initializing' => 'Initializing', + 'Initializing' => 'Alustetaan', 'UPLOAD' => 'LÄHETÄ', 'NEW FILE' => 'UUSI TIEDOSTO', 'NEW DIR' => 'UUSI HAKEMISTO', @@ -609,117 +610,117 @@ $LANG['fi'] = array( 'EXTRACT' => 'PURA', 'DOWNLOAD' => 'LATAA', 'Are you sure?' => 'Oletko varma?', // unused? - 'Hit' => 'Hit', - 'to reload the page' => 'to reload the page', - 'Directory name cannot be empty' => 'Directory name cannot be empty', - 'File name cannot be empty' => 'File name cannot be empty', - 'No file selected' => 'No file selected', - 'No file or folder selected' => 'No file or folder selected', - 'File type not supported' => 'File type not supported', - 'Directory download not available in current version' => 'Directory download not available in current version', - 'Directory not available' => 'Directory not available', - 'Done' => 'Done', + 'Hit' => 'Osuma', + 'to reload the page' => 'ladataksesi sivu uudelleen', + 'Directory name cannot be empty' => 'Hakemiston nimi ei voi olla tyhjä', + 'File name cannot be empty' => 'Tiedostonimi ei voi olla tyhjä', + 'No file selected' => 'Ei tiedostoa valittuna', + 'No file or folder selected' => 'Ei tiedostoa tai kansiota valittuna', + 'File type not supported' => 'Tiedostotyyppiä ei tueta', + 'Directory download not available in current version' => 'Hakemiston lataus ei ole saatavilla nykyisessä versiossa', + 'Directory not available' => 'Hakemisto ei ole käytettävissä', + 'Done' => 'Tehty', 'Close' => 'Sulje', 'Copy' => 'Kopioi', 'Cancel' => 'Peru', 'Rename' => 'Uudelleennimeä', 'Move' => 'Siirrä', - 'Change Rights' => 'Change Rights', + 'Change Rights' => 'Muuta Oikeuksia', 'Delete' => 'Poista', 'Extract' => 'Pura', 'Create' => 'Luo', 'Compress' => 'Pakkaa', 'OK' => 'OK', - 'YOU ARE COPYING' => 'YOU ARE COPYING', // unused? - 'YOU ARE REMOVING' => 'YOU ARE REMOVING', - 'Delete items' => 'Delete items', + 'YOU ARE COPYING' => 'OLET KOPIOIMASSA', // unused? + 'YOU ARE REMOVING' => 'OLET POISTAMASSA', + 'Delete items' => 'Poista kohteet', 'Copy files' => 'Kopioi tiedostoja', 'Move files' => 'Siirrä tiedostoja', - 'Are you sure you want to copy' => 'Are you sure you want to copy', - 'Are you sure you want to move' => 'Are you sure you want to move', - 'Are you sure you want to delete' => 'Are you sure you want to delete', - 'into' => 'into', - 'existing files will be replaced' => 'existing files will be replaced', - 'Original name' => 'Original name', + 'Are you sure you want to copy' => 'Haluatko varmasti kopioida', + 'Are you sure you want to move' => 'Haluatko varmasti siirtää', + 'Are you sure you want to delete' => 'Haluatko varmasti poistaa', + 'into' => 'osaksi', + 'existing files will be replaced' => 'olemassa olevat tiedostot korvataan', + 'Original name' => 'Alkuperäinen nimi', 'File' => 'Tiedosto', 'already exists' => 'on jo olemassa', 'Create file' => 'Luo tiedosto', 'Create directory' => 'Luo hakemisto', - 'read by owner' => 'read by owner', - 'write by owner' => 'write by owner', - 'execute/search by owner' => 'execute/search by owner', - 'read by group' => 'read by group', - 'write by group' => 'write by group', - 'execute/search by group' => 'execute/search by group', - 'read by others' => 'read by others', - 'write by others' => 'write by others', - 'execute/search by others' => 'execute/search by others', + 'read by owner' => 'read by owner', // no idea + 'write by owner' => 'write by owner', // no idea + 'execute/search by owner' => 'execute/search by owner', // no idea + 'read by group' => 'read by group',// no idea + 'write by group' => 'write by group', // no idea + 'execute/search by group' => 'execute/search by group', // no idea + 'read by others' => 'read by others', // no idea + 'write by others' => 'write by others', // no idea + 'execute/search by others' => 'execute/search by others', // no idea - 'Shortcuts' => 'Shortcuts', - 'Add New object' => 'Add New object', - 'Save Form' => 'Save Form', - 'Cancel saving form' => 'Cancel saving form', - 'Go to USER list' => 'Go to USER list', - 'Go to WEB list' => 'Go to WEB list', - 'Go to DNS list' => 'Go to DNS list', - 'Go to MAIL list' => 'Go to MAIL list', - 'Go to DB list' => 'Go to DB list', - 'Go to CRON list' => 'Go to CRON list', - 'Go to BACKUP list' => 'Go to BACKUP list', - 'Focus on search' => 'Focus on search', - 'Display/Close shortcuts' => 'Display/Close shortcuts', - 'Move backward through top menu' => 'Move backward through top menu', - 'Move forward through top menu' => 'Move forward through top menu', - 'Enter focused element' => 'Enter focused element', - 'Move up through elements list' => 'Move up through elements list', - 'Move down through elements list' => 'Move down through elements list', + 'Shortcuts' => 'Pikavalinnat', + 'Add New object' => 'Lisää uusi objekti', + 'Save Form' => 'Tallenna Lomake', + 'Cancel saving form' => 'Peruuta tallennuslomake', + 'Go to USER list' => 'Mene USER listaan', + 'Go to WEB list' => 'Mene WEB listaan', + 'Go to DNS list' => 'Mene DNS listaan', + 'Go to MAIL list' => 'Mene MAIL listaan', + 'Go to DB list' => 'Mene DB listaan', + 'Go to CRON list' => 'Mene CRON listaan', + 'Go to BACKUP list' => 'Mene BACKUP listaan', + 'Focus on search' => 'Keskity hakuun', + 'Display/Close shortcuts' => 'Näytä/Piilota pikavalinnat', + 'Move backward through top menu' => 'Siirrä taaksepäin ylävalikosta', + 'Move forward through top menu' => 'Siirry eteenpäin ylävalikosta', + 'Enter focused element' => 'Anna valittuun elementtiin', + 'Move up through elements list' => 'Siirry ylöspäin elementtien listassa', + 'Move down through elements list' => 'Siirry alaspäin elementtien listassa', 'Upload' => 'Lähetä', 'New File' => 'Uusi kansio', 'New Folder' => 'Uusi hakemisto', 'Download' => 'Lataa', 'Archive' => 'Arkisto', - 'Save File (in text editor)' => 'Save File (in text editor)', - 'Close Popup / Cancel' => 'Close Popup / Cancel', - 'Move Cursor Up' => 'Move Cursor Up', - 'Move Cursor Down' => 'Move Cursor Down', - 'Switch to Left Tab' => 'Switch to Left Tab', - 'Switch to Right Tab' => 'Switch to Right Tab', - 'Switch Tab' => 'Switch Tab', - 'Go to the Top of the File List' => 'Go to the Top of the File List', - 'Go to the Last File' => 'Go to the Last File', - 'Open File / Enter Directory' => 'Open File / Enter Directory', - 'Edit File' => 'Edit File', - 'Go to Parent Directory' => 'Go to Parent Directory', - 'Select Current File' => 'Select Current File', - 'Select Bunch of Files' => 'Select Bunch of Files', - 'Add File to the Current Selection' => 'Add File to the Current Selection', + 'Save File (in text editor)' => 'Tallenna tiedosto (tekstieditorissa)', + 'Close Popup / Cancel' => 'Sulje ponnahdusikkuna / Peruuta', + 'Move Cursor Up' => 'Siirrä Osoitin Ylös', + 'Move Cursor Down' => 'Siirrä Osoitin Alas', + 'Switch to Left Tab' => 'Vaihda Vasempaan Välilehteen', + 'Switch to Right Tab' => 'Vaihda Oikeaan Välilehteen', + 'Switch Tab' => 'Vaihda Välilehteä', + 'Go to the Top of the File List' => 'Siirry Tiedosto Luettelon Yläreunaan', + 'Go to the Last File' => 'Siirry Viimeiseen Tiedostoon', + 'Open File / Enter Directory' => 'Avaa Tiedosto / Anna hakemisto', + 'Edit File' => 'Muokkaa tiedostoa', + 'Go to Parent Directory' => 'Mene emohakemistoon', + 'Select Current File' => 'Valitse Nykyinen Tiedosto', + 'Select Bunch of Files' => 'Valitse Joukko Tiedostoja', + 'Add File to the Current Selection' => 'Lisää Tiedosto Nykyiseen Valintaan', 'Select All Files' => 'Valitse kaikki tiedostot', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => - 'shortcuts are inspired by magnificent GNU Midnight Commander file manager', + 'pikavalinnat inspiroi upea GNU Midnight Commander tiedostonhallinta', 'Licence Key' => 'Lisenssiavain', - 'Enter License Key' => 'Enter License Key', + 'Enter License Key' => 'Syötä Lisenssi Avain', 'Buy Licence' => 'Osta lisenssi', 'Buy Lifetime License' => 'Osta elinikäinen lisenssi', - 'Disable and Cancel Licence' => 'Disable and Cancel Licence', + 'Disable and Cancel Licence' => 'Poista Käytöstä ja Peruuta Lisenssi', 'Licence Activated' => 'Lisenssi aktivoitu', 'Licence Deactivated' => 'Lisenssi deaktivoitu', - 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Restrict users so that they cannot use SSH and access only their home directory.', - 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.', - 'This is a commercial module, you would need to purchace license key to enable it.' => 'This is a commercial module, you would need to purchace license key to enable it.', + 'Restrict users so that they cannot use SSH and access only their home directory.' => 'Rajoita käyttäjiä siten, että he eivät voi käyttää SSH:ta ja heillä on pääsy vain kotikansioonsa.', + 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'Selaa, kopioi, muokkaa, tarkastele ja hae kaikista web palveluista täysin varustellulla File Managerilla.', + 'This is a commercial module, you would need to purchace license key to enable it.' => 'Tämä on kaupallinen moduuli, sinun on ostettava lisenssiavain, ottaaksesi se käyttöön.', 'Minutes' => 'Minuutittain', // fuzzy 'Hourly' => 'Tunneittain', 'Run Command' => 'Aja Komento', 'every month' => 'joka kuukausi', 'every odd month' => 'joka toinen kuukausi', - 'every even month' => 'every even month', + 'every even month' => 'joka parillinen kuukausi', 'every day' => 'joka päivä', 'every odd day' => 'joka toinen päivä', - 'every even day' => 'every even day', - 'weekdays (5 days)' => 'weekdays (5 days)', - 'weekend (2 days)' => 'weekend (2 days)', + 'every even day' => 'joka parillinen päivä', + 'weekdays (5 days)' => 'arkisin (5 päivää)', + 'weekend (2 days)' => 'viikonloppu (2 päivää)', 'Monday' => 'Maanantai', 'Tuesday' => 'Tiistai', 'Wednesday' => 'Keskiviikko', @@ -731,7 +732,7 @@ $LANG['fi'] = array( 'every two hours' => 'joka toinen tunti', 'every minute' => 'joka minuutti', 'every two minutes' => 'joka toinen minuutti', - 'every' => 'every', + 'every' => 'joka', 'Generate' => 'Generoi', 'webalizer' => 'webalizer', @@ -746,16 +747,16 @@ $LANG['fi'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'Käytä palvelimen isäntänimeä', + 'Use domain hostname' => 'Käytä verkkotunnuksen isäntänimeä', + 'Use STARTTLS' => 'Käytä STARTTLS', + 'Use SSL / TLS' => 'Käytä SSL / TLS', + 'No encryption' => 'Ei salausta', + 'Do not use encryption' => 'Älä käytä salausta', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'maksimissaan %s merkkiä pitkä, mukaan lukien etuliite', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'Sähköpostitiedot', // Texts below doesn't exist in en.php 'traffic' => 'tiedonsiirto', diff --git a/web/inc/i18n/fr.php b/web/inc/i18n/fr.php index c57e6266..4e2e3144 100644 --- a/web/inc/i18n/fr.php +++ b/web/inc/i18n/fr.php @@ -559,6 +559,7 @@ $LANG['fr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/hu.php b/web/inc/i18n/hu.php index af461107..1c37f93f 100644 --- a/web/inc/i18n/hu.php +++ b/web/inc/i18n/hu.php @@ -563,6 +563,7 @@ $LANG['hu'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/id.php b/web/inc/i18n/id.php index 1a55af74..4702b7cc 100644 --- a/web/inc/i18n/id.php +++ b/web/inc/i18n/id.php @@ -560,6 +560,7 @@ $LANG['id'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/it.php b/web/inc/i18n/it.php index ec7a83d5..1e104c51 100644 --- a/web/inc/i18n/it.php +++ b/web/inc/i18n/it.php @@ -560,6 +560,7 @@ $LANG['it'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ja.php b/web/inc/i18n/ja.php index f2836948..a592fd7b 100644 --- a/web/inc/i18n/ja.php +++ b/web/inc/i18n/ja.php @@ -559,6 +559,7 @@ $LANG['ja'] = array( 'MAIL Server' => 'メールサーバー', 'Antivirus' => 'アンチウイルス', 'AntiSpam' => 'アンチスパム', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'ウェブメールのURL', 'MySQL Support' => 'MySQLのサポート', 'phpMyAdmin URL' => 'phpMyAdminのURL', diff --git a/web/inc/i18n/ka.php b/web/inc/i18n/ka.php index 0ebf2d11..1512e06c 100644 --- a/web/inc/i18n/ka.php +++ b/web/inc/i18n/ka.php @@ -559,6 +559,7 @@ $LANG['ka'] = array( 'MAIL Server' => 'ელფოსტის სერვერი', 'Antivirus' => 'ანტივირუსი', 'AntiSpam' => 'ანტისპამი', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'ვებფოსტის URL', 'MySQL Support' => 'MySQL-ის მხარდაჭერა', 'phpMyAdmin URL' => 'phpMyAdmin-ის URL', @@ -744,14 +745,14 @@ $LANG['ka'] = array( 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', - 'Use server hostname' => 'Use server hostname', - 'Use domain hostname' => 'Use domain hostname', - 'Use STARTTLS' => 'Use STARTTLS', - 'Use SSL / TLS' => 'Use SSL / TLS', - 'No encryption' => 'No encryption', - 'Do not use encryption' => 'Do not use encryption', + 'Use server hostname' => 'სერვერის hostname-ის გამოყენება', + 'Use domain hostname' => 'დეომენის hostname-ის გამოყენება', + 'Use STARTTLS' => 'STARTTLS-ის გამოყენება', + 'Use SSL / TLS' => 'SSL / TLS-ის გამოყენება', + 'No encryption' => 'დაშიფრვის გარეშე', + 'Do not use encryption' => 'არ გამოიყენო დაშიფრვა', - 'maximum characters length, including prefix' => 'maximum %s characters length, including prefix', + 'maximum characters length, including prefix' => 'დასაშვებია მაქსიმუმ %s სიმბოლო, პრეფიქსის ჩათვლით', - 'Email Credentials' => 'Email Credentials', + 'Email Credentials' => 'რეკვიზიტების ელ-ფოსტით გაგზავნა', ); diff --git a/web/inc/i18n/ko.php b/web/inc/i18n/ko.php index a032f265..1b09de25 100644 --- a/web/inc/i18n/ko.php +++ b/web/inc/i18n/ko.php @@ -559,6 +559,7 @@ $LANG['ko'] = array( 'MAIL Server' => 'MAIL 서버', 'Antivirus' => '바이러스 필터링', 'AntiSpam' => '스팸 필터링', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => '웹메일 주소', 'MySQL Support' => 'MySQL 지원', 'phpMyAdmin URL' => 'phpMyAdmin 주소', diff --git a/web/inc/i18n/nl.php b/web/inc/i18n/nl.php index fc86a88b..851fe46d 100644 --- a/web/inc/i18n/nl.php +++ b/web/inc/i18n/nl.php @@ -563,6 +563,7 @@ $LANG['nl'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/no.php b/web/inc/i18n/no.php index 45c23f22..fe026f39 100644 --- a/web/inc/i18n/no.php +++ b/web/inc/i18n/no.php @@ -560,6 +560,7 @@ $LANG['no'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pl.php b/web/inc/i18n/pl.php index 23c8016c..e649a22c 100644 --- a/web/inc/i18n/pl.php +++ b/web/inc/i18n/pl.php @@ -560,6 +560,7 @@ $LANG['pl'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pt-BR.php b/web/inc/i18n/pt-BR.php index 686af900..303ae53f 100644 --- a/web/inc/i18n/pt-BR.php +++ b/web/inc/i18n/pt-BR.php @@ -559,6 +559,7 @@ $LANG['pt-BR'] = array( 'MAIL Server' => 'Servidor de E-MAIL', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Suporte MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/pt.php b/web/inc/i18n/pt.php index ec1eb670..02d3bf51 100644 --- a/web/inc/i18n/pt.php +++ b/web/inc/i18n/pt.php @@ -559,6 +559,7 @@ $LANG['pt'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ro.php b/web/inc/i18n/ro.php index 0a9e93e3..5b70f5d5 100644 --- a/web/inc/i18n/ro.php +++ b/web/inc/i18n/ro.php @@ -561,6 +561,7 @@ $LANG['ro'] = array( 'MAIL Server' => 'Server MAIL', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Foloseşte certificatul SSL din domeniul WEB', 'Webmail URL' => 'URL Webmail', 'MySQL Support' => 'Suport MySQL', 'phpMyAdmin URL' => 'URL phpMyAdmin', diff --git a/web/inc/i18n/ru.php b/web/inc/i18n/ru.php index a109056c..58829fad 100644 --- a/web/inc/i18n/ru.php +++ b/web/inc/i18n/ru.php @@ -561,6 +561,7 @@ $LANG['ru'] = array( 'MAIL Server' => 'MAIL Сервер', 'Antivirus' => 'Антивирус', 'AntiSpam' => 'АнтиСпам', + 'Use Web Domain SSL Certificate' => 'Использовать SSL сертификат веб домена', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Поддержка MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/se.php b/web/inc/i18n/se.php index 87bb1910..96c5af9c 100644 --- a/web/inc/i18n/se.php +++ b/web/inc/i18n/se.php @@ -559,6 +559,7 @@ $LANG['se'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/sr.php b/web/inc/i18n/sr.php index dc1f315c..759ab6c9 100644 --- a/web/inc/i18n/sr.php +++ b/web/inc/i18n/sr.php @@ -559,6 +559,7 @@ $LANG['sr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL podrška', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/th.php b/web/inc/i18n/th.php index 07beb85e..2878192f 100644 --- a/web/inc/i18n/th.php +++ b/web/inc/i18n/th.php @@ -562,6 +562,7 @@ $LANG['th'] = array( 'MAIL Server' => 'เซิร์ฟเวอร์เมล', 'Antivirus' => 'ป้องกันไวรัส', 'AntiSpam' => 'ป้องกันเมลขยะ', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'สนับสนุน MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/tr.php b/web/inc/i18n/tr.php index 7f2875b9..a7fadc43 100644 --- a/web/inc/i18n/tr.php +++ b/web/inc/i18n/tr.php @@ -560,6 +560,7 @@ $LANG['tr'] = array( 'MAIL Server' => 'MAIL Server', 'Antivirus' => 'Antivirus', 'AntiSpam' => 'AntiSpam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'MySQL Support', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/tw.php b/web/inc/i18n/tw.php index d35cba4a..163bee62 100644 --- a/web/inc/i18n/tw.php +++ b/web/inc/i18n/tw.php @@ -4,11 +4,9 @@ * This language file is translate by * Clark's Hosting Service (https://host.clark-chen.com) * Clark Chen (clark@clark-chen.com) - * - * Translation recheck by: - * pan93412 */ $LANG['tw'] = array( + 'Packages' => '方案設定', 'IP' => 'IP 管理', 'Graphs' => '資源使用圖表', @@ -83,8 +81,8 @@ $LANG['tw'] = array( 'rebuild db' => '重建資料庫', 'rebuild cron' => '重建任務排程', 'update counters' => '更新計數器', - 'suspend' => '暫停', - 'unsuspend' => '解除暫停', + 'suspend' => '停用', + 'unsuspend' => '解除停用', 'delete' => '刪除', 'show per user' => '依選擇的使用者', 'login as' => '登入帳號', @@ -144,8 +142,8 @@ $LANG['tw'] = array( 'Adding IP Address to Banlist' => '新增IP至黑名單', 'active' => '正常', - 'spnd' => '暫停', - 'suspended' => '已暫停', + 'spnd' => '停用', + 'suspended' => '已停用', 'running' => '執行中', 'stopped' => '已停止', 'outdated' => '有可升級的新版本', @@ -199,9 +197,9 @@ $LANG['tw'] = array( 'SSL Home Directory' => 'SSL 主目錄', 'Lets Encrypt Support' => 'Lets Encrypt 支援', 'Lets Encrypt' => 'Lets Encrypt', - 'Your certificate will be automatically issued in 5 minutes' => '您的憑證會在五分鐘內完成簽署', + 'Your certificate will be automatically issued in 5 minutes' => '您的憑證會在五分鐘內完成簽發', 'Proxy Support' => 'Proxy 支援', - 'Proxy Extensions' => 'Proxy 擴充', + 'Proxy Extensions' => 'Proxy 副檔名', 'Web Statistics' => '網站統計', 'Additional FTP Account' => '其他 FTP 帳號', 'Path' => '路徑', @@ -219,7 +217,6 @@ $LANG['tw'] = array( 'Autoreply' => '自動回覆', 'Forward to' => '轉寄到', 'Do not store forwarded mail' => '不保留已轉發的郵件', - 'Email Credentials' => '信箱登入資訊', 'IMAP hostname' => 'IMAP 主機名稱', 'IMAP port' => 'IMAP 連接埠', 'IMAP security' => 'IMAP 安全性', @@ -393,8 +390,8 @@ $LANG['tw'] = array( 'Banlist' => '封鎖清單', 'ranges are acceptable' => '可接受陣列', 'CIDR format is supported' => '支援 CIDR 格式', - 'ACCEPT' => 'ACCEPT', - 'DROP' => 'DROP', + 'ACCEPT' => '允許', + 'DROP' => '封鎖', 'TCP' => 'TCP', 'UDP' => 'UDP', 'ICMP' => 'ICMP', @@ -403,11 +400,11 @@ $LANG['tw'] = array( 'VESTA' => 'VESTA', 'Add one more Name Server' => '新增至少一個域名伺服器', - 'web domain' => 'web 網域', - 'dns domain' => 'dns 網域', - 'dns record' => 'dns 紀錄', - 'mail domain' => 'mail 紀錄', - 'mail account' => 'mail 帳號', + 'web domain' => 'Web 網域', + 'dns domain' => 'DNS 網域', + 'dns record' => 'DNS 紀錄', + 'mail domain' => 'Mail 紀錄', + 'mail account' => 'Mail 帳號', 'cron job' => '任務排程', 'cron' => '任務排程', @@ -465,30 +462,30 @@ $LANG['tw'] = array( 'Changes has been saved.' => '已儲存變更', 'Confirmation' => '確認', 'DELETE_USER_CONFIRMATION' => '確定要刪除使用者 %s 嗎?', - 'SUSPEND_USER_CONFIRMATION' => '確定要暫停使用者 %s 嗎?', - 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除暫停使用者 %s 嗎?', + 'SUSPEND_USER_CONFIRMATION' => '確定要停用使用者 %s 嗎?', + 'UNSUSPEND_USER_CONFIRMATION' => '確定要解除停用使用者 %s 嗎?', 'DELETE_DOMAIN_CONFIRMATION' => '確定要刪除網域 %s 嗎?', - 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要暫停網域 %s 嗎?', - 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除暫停網域 %s 嗎?', + 'SUSPEND_DOMAIN_CONFIRMATION' => '確定要停用網域 %s 嗎?', + 'UNSUSPEND_DOMAIN_CONFIRMATION' => '確定要解除停用網域 %s 嗎?', 'DELETE_RECORD_CONFIRMATION' => '確定要刪除記錄 %s 嗎?', - 'SUSPEND_RECORD_CONFIRMATION' => '確定要暫停記錄 %s 嗎?', - 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除暫停紀錄 %s 嗎?', + 'SUSPEND_RECORD_CONFIRMATION' => '確定要停用記錄 %s 嗎?', + 'UNSUSPEND_RECORD_CONFIRMATION' => '確定要解除停用紀錄 %s 嗎?', 'DELETE_MAIL_ACCOUNT_CONFIRMATION' => '確定要刪除 %s 嗎?', - 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要暫停 %s 嗎?', - 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除暫停 %s 嗎?', + 'SUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要停用 %s 嗎?', + 'UNSUSPEND_MAIL_ACCOUNT_CONFIRMATION' => '確定要解除停用 %s 嗎?', 'DELETE_DATABASE_CONFIRMATION' => '確定要刪除資料庫 %s 嗎?', - 'SUSPEND_DATABASE_CONFIRMATION' => '確定要暫停資料庫 %s 嗎?', - 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除暫停資料庫 %s 嗎?', + 'SUSPEND_DATABASE_CONFIRMATION' => '確定要停用資料庫 %s 嗎?', + 'UNSUSPEND_DATABASE_CONFIRMATION' => '確定要解除停用資料庫 %s 嗎?', 'DELETE_CRON_CONFIRMATION' => '確定要刪除 任務排程嗎?', - 'SUSPEND_CRON_CONFIRMATION' => '確定要暫停 任務排程嗎?', - 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除暫停 任務排程嗎?', + 'SUSPEND_CRON_CONFIRMATION' => '確定要停用 任務排程嗎?', + 'UNSUSPEND_CRON_CONFIRMATION' => '確定要解除停用 任務排程嗎?', 'DELETE_BACKUP_CONFIRMATION' => '確定要刪除 %s 備份嗎?', 'DELETE_EXCLUSION_CONFIRMATION' => '確定要刪除 %s 例外嗎?', 'DELETE_PACKAGE_CONFIRMATION' => '確定要刪除方案 %s 嗎?', 'DELETE_IP_CONFIRMATION' => '確定要刪除 IP 地址 %s 嗎?', - 'DELETE_RULE_CONFIRMATION' => '確定要刪除規則 #%s 嗎?', - 'SUSPEND_RULE_CONFIRMATION' => '確定要暫停規則 #%s 嗎?', - 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除暫停規則 #%s 嗎?', + 'DELETE_RULE_CONFIRMATION' => '確定要刪除防火牆規則 #%s 嗎?', + 'SUSPEND_RULE_CONFIRMATION' => '確定要停用防火牆規則 #%s 嗎?', + 'UNSUSPEND_RULE_CONFIRMATION' => '確定要解除停用防火牆規則 #%s 嗎?', 'LEAVE_PAGE_CONFIRMATION' => '確定離開嗎?', 'RESTART_CONFIRMATION' => '確定要重新啟動 %s 嗎?', 'Welcome' => '歡迎', @@ -564,6 +561,7 @@ $LANG['tw'] = array( 'MAIL Server' => 'MAIL 伺服器', 'Antivirus' => '病毒防護', 'AntiSpam' => '垃圾郵件防護', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Webmail 路徑', 'MySQL Support' => 'MySQL 支援', 'phpMyAdmin URL' => 'phpMyAdmin 路徑', @@ -757,4 +755,6 @@ $LANG['tw'] = array( 'Do not use encryption' => '不要使用加密', 'maximum characters length, including prefix' => '最多 %s 字元 (包含前綴)', + + 'Email Credentials' => '信箱登入資訊', ); diff --git a/web/inc/i18n/ua.php b/web/inc/i18n/ua.php index cf47496d..136cc73f 100644 --- a/web/inc/i18n/ua.php +++ b/web/inc/i18n/ua.php @@ -560,6 +560,7 @@ $LANG['ua'] = array( 'MAIL Server' => 'MAIL сервер', 'Antivirus' => 'Антивірус', 'AntiSpam' => 'АнтиСпам', + 'Use Web Domain SSL Certificate' => 'Використовувати SSL сертифікат веб домену', 'Webmail URL' => 'Webmail URL', 'MySQL Support' => 'Підтримка MySQL', 'phpMyAdmin URL' => 'phpMyAdmin URL', diff --git a/web/inc/i18n/ur.php b/web/inc/i18n/ur.php index d01a401d..2c95e821 100644 --- a/web/inc/i18n/ur.php +++ b/web/inc/i18n/ur.php @@ -70,6 +70,7 @@ $LANG['ur'] = array( 'Back' => 'پیچھے', 'Save' => 'محفوظ کریں', 'Submit' => 'جمع', + 'toggle all' => 'تمام ٹاگل', 'apply to selected' => 'منتخب شدہ پر لاگو', 'rebuild' => 'تعمیر نو', @@ -108,6 +109,7 @@ $LANG['ur'] = array( 'enable autoupdate' => 'آٹو اپ ڈیٹ کو چالو', 'disable autoupdate' => 'غیر فعال آٹو اپ ڈیٹ', 'configure' => 'ترتیب دے', + 'Adding User' => 'شامل کرنے صارف', 'Editing User' => 'ترمیم صارف', 'Adding Domain' => 'ڈومین کو شامل کرنے سے', @@ -135,6 +137,7 @@ $LANG['ur'] = array( 'Adding Firewall Rule' => 'فصیل اصول کو شامل کرنے سے', 'Editing Firewall Rule' => 'ترمیم فصیل اصول', 'Adding IP Address to Banlist' => 'Banlist کرنے IP ایڈریس کو شامل کرنے سے', + 'active' => 'فعال', 'spnd' => 'معطل', 'suspended' => 'معطل', @@ -142,6 +145,7 @@ $LANG['ur'] = array( 'stopped' => 'بند کر دیا', 'outdated' => 'فرسودہ', 'updated' => 'اپ ڈیٹ', + 'yes' => 'جی ہاں', 'no' => 'نہیں', 'none' => 'کوئی بھی', @@ -392,14 +396,17 @@ $LANG['ur'] = array( 'FTP' => 'FTP', 'VESTA' => 'Vesta کی', 'Add one more Name Server' => 'ایک اور نام سرور شامل کریں', + 'web domain' => 'ویب ڈومین', 'dns domain' => 'DNS ڈومین', 'dns record' => 'DNS ریکارڈ', 'mail domain' => 'میل ڈومین', 'mail account' => 'میل اکاؤنٹ', 'cron job' => 'کرون کام', + 'cron' => 'کرون', 'user dir' => 'صارف دیر', + 'unlimited' => 'لامحدود', '1 account' => '1 اکاؤنٹ', '%s accounts' => '٪s کے اکاؤنٹس', @@ -494,12 +501,14 @@ $LANG['ur'] = array( 'BACKUP_EXISTS' => 'ایک موجودہ بیک اپ کو پہلے ہی چل رہا ہے. کہ بیک اپ کو ختم کرنے کے لئے براہ کرم انتظار کریں.', 'RESTORE_SCHEDULED' => 'ٹاسک قطار میں شامل کیا گیا ہے. جب آپ کو بحال مکمل کیا گیا ہے آپ کو ایک ای میل کی اطلاع وصول کریں گے.', 'RESTORE_EXISTS' => 'ایک موجودہ بحالی کا کام پہلے سے ہی چل رہا ہے. جو اسے دوبارہ شروع کرنے سے پہلے ختم کرنے کے لئے براہ کرم انتظار کریں.', + 'WEB_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *. شکل مندرجہ ذیل مخصوص dirs استعمال کو خارج کرنے کے لئے: domain.com:public_html/cache:public_html/tmp', 'DNS_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *', 'MAIL_EXCLUSIONS' => 'قسم ڈومین کا نام ہے، ایک فی لائن. تمام ڈومینز استعمال کرتے خارج کرنے کے *. شکل مندرجہ ذیل مخصوص اکاؤنٹس کے استعمال کو خارج کرنے کے لئے: domain.com:info:support:postmaster', 'DB_EXCLUSIONS' => 'مکمل ڈیٹا بیس کا نام ٹائپ کریں، فی لائن ایک. تمام ڈیٹا بیس کا استعمال کرتے خارج کرنے کے *', 'CRON_EXCLUSIONS' => 'تمام ملازمتوں کا استعمال کرتے خارج کرنے کے *', 'USER_EXCLUSIONS' => 'قسم ڈائریکٹری کا نام ہے، ایک فی لائن. تمام dirs استعمال کرتے exlude کرنے *', + 'Welcome to Vesta Control Panel' => 'Vesta کی کنٹرول پینل میں خوش آمدید', 'MAIL_FROM' => ' Vesta کی کنٹرول پینل ', 'GREETINGS_GORDON_FREEMAN' => "ہیلو, %s %s,\n", @@ -535,6 +544,7 @@ $LANG['ur'] = array( 'Oct' => 'اکتوبر', 'Nov' => 'نومبر', 'Dec' => 'دسمبر', + 'Configuring Server' => 'ترتیب سرور', 'Hostname' => 'میزبان کا نام', 'Time Zone' => 'ٹائم زون', @@ -548,6 +558,7 @@ $LANG['ur'] = array( 'MAIL Server' => 'میل سرور', 'Antivirus' => 'اینٹی وائرس', 'AntiSpam' => 'اینٹی سپیم', + 'Use Web Domain SSL Certificate' => 'ایس ایس ایل ویب ڈومین سرٹیفکیٹ کااستعمال کریں', 'Webmail URL' => 'ویب میل URL', 'MySQL Support' => 'ایس کیو ایل کی معاونت کی', 'phpMyAdmin URL' => 'phpMyAdmin کے یو آر ایل', @@ -571,11 +582,14 @@ $LANG['ur'] = array( 'Backup Migration Manager' => 'بیک اپ مائیگریشن مینیجر', 'FileManager' => 'فائل مینیجر', 'show: CPU / MEM / NET / DISK' => 'دکھائیں: CPU / MEM / NET / ڈسک', + 'sort by' => 'بہ ترتیب', 'Date' => 'تاریخ', 'Starred' => 'ستارے کے نشان', 'Name' => 'نام', + 'save to favorites' => 'پسندیدہ میں محفوظ کریں', + 'File Manager' => 'فائل منیجر', 'size' => 'سائز', 'date' => 'تاریخ', @@ -638,6 +652,7 @@ $LANG['ur'] = array( 'read by others' => 'دوسروں کی طرف سے پڑھا', 'write by others' => 'دوسروں کی طرف سے لکھ', 'execute/search by others' => 'پھانسی دوسروں کی طرف سے / تلاش', + 'Shortcuts' => 'شارٹ کٹ', 'Add New object' => 'نیا اعتراض شامل کریں', 'Save Form' => 'فارم محفوظ کریں', @@ -656,6 +671,7 @@ $LANG['ur'] = array( 'Enter focused element' => 'مرکوز عنصر درج', 'Move up through elements list' => 'عناصر فہرست کے ذریعے اوپر منتقل کریں', 'Move down through elements list' => 'عناصر فہرست کے ذریعے نیچے لے جائیں', + 'Upload' => 'اپ لوڈ کریں', 'New File' => 'نئی فائل', 'New Folder' => 'نیا فولڈر', @@ -679,6 +695,7 @@ $LANG['ur'] = array( 'Select All Files' => 'تمام فائلوں کو منتخب', 'shortcuts are inspired by magnificent GNU Midnight Commander file manager' => '.فائل مینیجر Midnight Commander شارٹ کٹ شاندار GNU سے متاثر ہیں', + 'Licence Key' => 'لائسنس کلید', 'Enter License Key' => 'لائسنس کلید درج کریں', 'Buy Licence' => 'ابھی لائسنس', @@ -689,6 +706,7 @@ $LANG['ur'] = array( 'Restrict users so that they cannot use SSH and access only their home directory.' => 'وہ SSH اور رسائی صرف ان کے گھر کی ڈائریکٹری کا استعمال نہیں کر سکتے ہیں تاکہ صارفین کو محدود کریں.', 'Browse, copy, edit, view, and retrieve all of your web domain files using fully featured File Manager.' => 'براؤز کریں، کاپی، ترمیم، دیکھیں، اور مکمل طور پر نمایاں فائل مینیجر کا استعمال کرتے ہوئے آپ کی ویب ڈومین فائلوں کی تمام بازیافت.', 'This is a commercial module, you would need to purchace license key to enable it.' => 'یہ ایک تجارتی ماڈیول ہے، آپ اسے چالو کرنے کے لئے لائسنس کی چابی purchace کرنے کی ضرورت گا.', + 'Minutes' => 'منٹس', 'Hourly' => 'گھنٹہ وار', 'Run Command' => 'چلائیں کمان', @@ -713,8 +731,10 @@ $LANG['ur'] = array( 'every two minutes' => 'ہر دو منٹ', 'every' => 'ہر کوئی', 'Generate' => 'بنائیں', + 'webalizer' => 'webalizer', 'awstats' => 'awstats', + 'Vesta SSL' => 'Vesta کی SSL', 'SUBJECT' => 'مضمون', 'ALIASES' => 'عرفیتیں', @@ -723,14 +743,18 @@ $LANG['ur'] = array( 'SIGNATURE' => 'دستخط', 'PUB_KEY' => 'PUB_KEY', 'ISSUER' => 'ISSUER', + 'Use server hostname' => 'سرور استعمال میزبان نام', 'Use domain hostname' => 'ڈومین کا استعمال میزبان نام', 'Use STARTTLS' => 'STARTTLS استعمال', 'Use SSL' => 'SSL استعمال کریں', 'No encryption' => 'کوئی خفیہ کاری', 'Do not use encryption' => 'خفیہ کاری کا استعمال نہ کریں', + 'maximum characters length, including prefix' => 'زیادہ سے زیادہ ٪s کو حروف لمبائی، سابقہ سم', + 'Email Credentials' => 'ای میل کی سند', + '%s rule' => 'قواعد %s', 'MainDomain' => 'اہم ڈومین', 'SubDomain' => 'ذیلی ڈومین', diff --git a/web/inc/i18n/vi.php b/web/inc/i18n/vi.php index 40d40cbe..2de145b4 100644 --- a/web/inc/i18n/vi.php +++ b/web/inc/i18n/vi.php @@ -562,6 +562,7 @@ $LANG['vi'] = array( 'MAIL Server' => 'Máy chủ MAIL', 'Antivirus' => 'Trình diệt virus', 'AntiSpam' => 'Trình chống spam', + 'Use Web Domain SSL Certificate' => 'Use Web Domain SSL Certificate', 'Webmail URL' => 'Đường dẫn Webmail', 'MySQL Support' => 'Hỗ trợ MySQL', 'phpMyAdmin URL' => 'Đường dẫn phpMyAdmin', diff --git a/web/list/directory/index.php b/web/list/directory/index.php index 737e19db..12919b14 100644 --- a/web/list/directory/index.php +++ b/web/list/directory/index.php @@ -24,8 +24,8 @@ if (empty($panel)) { $panel = json_decode(implode('', $output), true); } -$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : ''; -$path_b = !empty($_REQUEST['dir_b']) ? $_REQUEST['dir_b'] : ''; +$path_a = !empty($_REQUEST['dir_a']) ? htmlentities($_REQUEST['dir_a']) : ''; +$path_b = !empty($_REQUEST['dir_b']) ? htmlentities($_REQUEST['dir_b']) : ''; $GLOBAL_JS = ''; $GLOBAL_JS .= ''; $GLOBAL_JS .= ''; diff --git a/web/list/dns/index.php b/web/list/dns/index.php index df5b4a83..c98b8e47 100644 --- a/web/list/dns/index.php +++ b/web/list/dns/index.php @@ -14,7 +14,7 @@ if (empty($_GET['domain'])){ render_page($user, $TAB, 'list_dns'); } else { - exec (VESTA_CMD."v-list-dns-records '".$user."' '".escapeshellarg($_GET['domain'])."' 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-dns-records ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); $data = json_decode(implode('', $output), true); $data = array_reverse($data, true); unset($output); diff --git a/web/list/mail/index.php b/web/list/mail/index.php index 6b767768..56c42a73 100644 --- a/web/list/mail/index.php +++ b/web/list/mail/index.php @@ -14,7 +14,7 @@ if (empty($_GET['domain'])){ render_page($user, $TAB, 'list_mail'); } else { - exec (VESTA_CMD."v-list-mail-accounts '".$user."' '".escapeshellarg($_GET['domain'])."' json", $output, $return_var); + exec (VESTA_CMD."v-list-mail-accounts ".$user." ".escapeshellarg($_GET['domain'])." json", $output, $return_var); $data = json_decode(implode('', $output), true); $data = array_reverse($data, true); unset($output); diff --git a/web/list/stats/index.php b/web/list/stats/index.php index c758705a..3c730632 100644 --- a/web/list/stats/index.php +++ b/web/list/stats/index.php @@ -20,7 +20,7 @@ if ($user == 'admin') { unset($output); } - exec (VESTA_CMD."v-list-sys-users 'json'", $output, $return_var); + exec (VESTA_CMD."v-list-sys-users json", $output, $return_var); $users = json_decode(implode('', $output), true); unset($output); } else { diff --git a/web/reset/mail/index.php b/web/reset/mail/index.php index 010fed77..5419d8ea 100644 --- a/web/reset/mail/index.php +++ b/web/reset/mail/index.php @@ -127,15 +127,15 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $v_password = $_POST['password']; // Get domain owner - exec (VESTA_CMD."v-search-domain-owner ".$v_domain." 'mail'", $output, $return_var); - if ($return_var == 0) { - $v_user = $output[0]; + exec (VESTA_CMD."v-search-domain-owner ".$v_domain." mail", $output, $return_var); + if (($return_var == 0) && (!empty($output[0]))) { + $v_user = escapeshellarg($output[0]); } unset($output); // Get current md5 hash if (!empty($v_user)) { - exec (VESTA_CMD."v-get-mail-account-value '".$v_user."' ".$v_domain." ".$v_account." 'md5'", $output, $return_var); + exec (VESTA_CMD."v-get-mail-account-value ".$v_user." ".$v_domain." ".$v_account." md5", $output, $return_var); if ($return_var == 0) { $v_hash = $output[0]; } @@ -154,7 +154,7 @@ if ((!empty($_POST['email'])) && (!empty($_POST['password'])) && (!empty($_POST[ $fp = fopen($v_new_password, "w"); fwrite($fp, $_POST['new']."\n"); fclose($fp); - exec (VESTA_CMD."v-change-mail-account-password '".$v_user."' ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); + exec (VESTA_CMD."v-change-mail-account-password ".$v_user." ".$v_domain." ".$v_account." ".$v_new_password, $output, $return_var); if ($return_var == 0) { echo "==ok=="; exit; diff --git a/web/restart/service/index.php b/web/restart/service/index.php index 5f42e5e5..eb07e856 100644 --- a/web/restart/service/index.php +++ b/web/restart/service/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['srv'])) { if ($_GET['srv'] == 'iptables') { diff --git a/web/restart/system/index.php b/web/restart/system/index.php index 4facc5a5..4e09745e 100644 --- a/web/restart/system/index.php +++ b/web/restart/system/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['hostname'])) { exec (VESTA_CMD."v-restart-system yes", $output, $return_var); diff --git a/web/templates/admin/add_dns_rec.html b/web/templates/admin/add_dns_rec.html index 2c8bebd7..33b4a9be 100644 --- a/web/templates/admin/add_dns_rec.html +++ b/web/templates/admin/add_dns_rec.html @@ -82,6 +82,7 @@ + diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index cde031fc..59683b6d 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -280,13 +280,115 @@

- + + + + + + + + + + + + + + + + + +
+ +
+ +

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+
+ + - @@ -503,7 +605,8 @@ ">

- + + @@ -513,9 +616,10 @@ - + +
- -
+ +
@@ -580,13 +684,54 @@
- +
+ + + + + + + @@ -604,7 +749,7 @@ @@ -615,16 +760,16 @@ : - + @@ -633,7 +778,7 @@ : @@ -641,7 +786,7 @@ : @@ -649,16 +794,15 @@ : - @@ -666,7 +810,7 @@ :
+ +
+ + + + + + + +
+ +
+ +

+
+
@@ -594,7 +739,7 @@
- +
- +
- +
: - +
- +
- +
- +
: - +
- +
@@ -835,10 +979,10 @@ 2Checkout.com Inc. (Ohio, USA) is a payment facilitator for goods and services provided by vestacp.com.'; diff --git a/web/templates/admin/list_dns_rec.html b/web/templates/admin/list_dns_rec.html index a74b8574..24f28103 100644 --- a/web/templates/admin/list_dns_rec.html +++ b/web/templates/admin/list_dns_rec.html @@ -74,11 +74,11 @@ v_unit_id="" v_section="dns_rec">
-
 ↵
+
 ↵
- + diff --git a/web/templates/admin/list_mail_acc.html b/web/templates/admin/list_mail_acc.html index 5433d732..13495ff6 100644 --- a/web/templates/admin/list_mail_acc.html +++ b/web/templates/admin/list_mail_acc.html @@ -90,11 +90,11 @@ sort-star="
-
 ↵
+
 ↵
- + @@ -104,7 +104,7 @@ sort-star=" - + diff --git a/web/templates/admin/list_services.html b/web/templates/admin/list_services.html index 346370e6..6012d2a3 100644 --- a/web/templates/admin/list_services.html +++ b/web/templates/admin/list_services.html @@ -54,7 +54,7 @@
 ↵
-
 R
+
 R
diff --git a/web/templates/user/list_mail_acc.html b/web/templates/user/list_mail_acc.html index c7334fa1..8c5ef567 100644 --- a/web/templates/user/list_mail_acc.html +++ b/web/templates/user/list_mail_acc.html @@ -88,11 +88,11 @@ sort-star="
-
 ↵
+
 ↵
- + diff --git a/web/update/vesta/index.php b/web/update/vesta/index.php index a025c7bf..fa7ca2c4 100644 --- a/web/update/vesta/index.php +++ b/web/update/vesta/index.php @@ -5,6 +5,12 @@ ob_start(); session_start(); include($_SERVER['DOCUMENT_ROOT']."/inc/main.php"); +// Check token +if ((!isset($_GET['token'])) || ($_SESSION['token'] != $_GET['token'])) { + header('location: /login/'); + exit(); +} + if ($_SESSION['user'] == 'admin') { if (!empty($_GET['pkg'])) { $v_pkg = escapeshellarg($_GET['pkg']); diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index 88388304..64004c91 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1118,7 +1118,7 @@ class UploadHandler $file->size > $this->get_file_size($file_path); if ($uploaded_file && is_uploaded_file($uploaded_file) && strpos($file_path, "'")===false && strpos($file_path, '"')===false) { chmod($uploaded_file, 0644); - exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." {$uploaded_file} '{$file_path}'", $output, $return_var); + exec (VESTA_CMD . "v-copy-fs-file ". USERNAME ." ".$uploaded_file." ".escapeshellarg($file_path), $output, $return_var); $error = check_return_code($return_var, $output); if ($return_var != 0) { $file->error = 'Error while saving file ';