github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-19 13:01:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'pr/34'

Browse source
This commit is contained in:
Peca 2019-08-10 17:09:42 +02:00
commit db8b4ed21e
613 changed files with 18898 additions and 7319 deletions
Download patch file Download diff file Expand all files Collapse all files

3
bin/v-add-backup-host
View file

@ -38,8 +38,7 @@ EOF
sftpc() { sftpc() {
expect -f "-" <<EOF "$@" expect -f "-" <<EOF "$@"
set count 0 set count 0
spawn "/usr/bin/sftp -o StrictHostKeyChecking=no -o \ spawn /usr/bin/sftp -o StrictHostKeyChecking=no -o Port=$port $user@$host
Port=$port '$user@$host'"
expect { expect {
"password:" { "password:" {
send "$password\r" send "$password\r"

2
bin/v-add-dns-record
View file

@ -45,11 +45,13 @@ if [[ $rtype =~ NS|CNAME|MX|PTR|SRV ]]; then
fi fi
fi fi
if [ $rtype != "CAA" ]; then
dvalue=${dvalue//\"/} dvalue=${dvalue//\"/}
if [[ "$dvalue" =~ [\;[:space:]] ]]; then if [[ "$dvalue" =~ [\;[:space:]] ]]; then
dvalue='"'"$dvalue"'"' dvalue='"'"$dvalue"'"'
fi fi
fi
# Additional argument formatting # Additional argument formatting
format_domain format_domain

8
bin/v-add-firewall-chain
View file

@ -47,7 +47,13 @@ is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
# Checking known chains # Checking known chains
case $chain in case $chain in
SSH) port=22; protocol=TCP ;; SSH) # Get ssh port by reading ssh config file.
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [ -z "$sshport" ]; then
sshport=22
fi
port=$sshport;
protocol=TCP ;;
FTP) port=21; protocol=TCP ;; FTP) port=21; protocol=TCP ;;
MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;; MAIL) port='25,465,587,2525,110,995,143,993'; protocol=TCP ;;
DNS) port=53; protocol=UDP ;; DNS) port=53; protocol=UDP ;;

252
bin/v-add-letsencrypt-domain
View file

@ -1,13 +1,8 @@
#!/bin/bash #!/bin/bash
# info: adding letsencrypt ssl cetificate for domain # info: check letsencrypt domain
# options: USER DOMAIN [ALIASES] [RESTART] [NOTIFY] # options: USER DOMAIN [ALIASES]
# #
# The function turns on SSL support for a domain. Parameter ssl_dir is a path # The function check and validates domain with Let's Encript
# to directory where 2 or 3 ssl files can be found. Certificate file
# domain.tld.crt and its key domain.tld.key are mandatory. Certificate
# authority domain.tld.ca file is optional. If home directory parameter
# (ssl_home) is not set, https domain uses public_shtml as separate
# documentroot directory.
#----------------------------------------------------------# #----------------------------------------------------------#
@ -18,8 +13,9 @@
user=$1 user=$1
domain=$2 domain=$2
aliases=$3 aliases=$3
restart=$4
notify=$5 # LE API
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -27,30 +23,67 @@ source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf source $VESTA/conf/vesta.conf
# Additional argument formatting # Additional argument formatting
format_domain_idn format_identifier_idn() {
identifier_idn=$identifier
if [[ "$identifier_idn" = *[![:ascii:]]* ]]; then
identifier_idn=$(idn -t --quiet -a $identifier_idn)
fi
}
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "kid": "'$KID'"}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [ALIASES] [RESTART] [NOTIFY]' check_args '2' "$#" 'USER DOMAIN [ALIASES]'
is_format_valid 'user' 'domain' is_format_valid 'user' 'domain' 'aliases'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM' is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_system_enabled "$WEB_SSL" 'SSL_SUPPORT'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain" is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'
# check if alias is the letsencrypt wildcard domain, if not, make the normal checks
if [[ "$aliases" != "*.$domain" ]]; then
for alias in $(echo "$aliases" |tr ',' '\n' |sort -u); do
check_alias="$(echo $ALIAS |tr ',' '\n' |grep ^$alias$)"
if [ -z "$check_alias" ]; then
check_result $E_NOTEXIST "domain alias $alias doesn't exist"
fi
done
fi;
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Parsing domain data
get_domain_values 'web'
# Registering LetsEncrypt user account # Registering LetsEncrypt user account
$BIN/v-add-letsencrypt-user $user $BIN/v-add-letsencrypt-user $user
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
@ -62,53 +95,153 @@ fi
# Parsing LetsEncrypt account data # Parsing LetsEncrypt account data
source $USER_DATA/ssl/le.conf source $USER_DATA/ssl/le.conf
email=$EMAIL
# Validating domain and aliases # Checking wildcard alias
if [ "$aliases" = "*.$domain" ]; then
wildcard='yes'
proto="dns-01"
if [ ! -e "$VESTA/data/users/$user/dns/$domain.conf" ]; then
check_result $E_NOTEXIST "DNS domain $domain doesn't exist"
fi
else
proto="http-01"
fi
# Requesting nonce / STEP 1
answer=$(curl -s -I "$API/directory")
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt nonce request status $status"
fi
# Placing new order / STEP 2
url="$API/acme/new-order"
payload='{"identifiers":['
for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do
format_identifier_idn
payload=$payload'{"type":"dns","value":"'$identifier_idn'"},'
done
payload=$(echo "$payload"|sed "s/,$//")
payload=$payload']}'
answer=$(query_le_v2 "$url" "$payload" "$nonce")
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
authz=$(echo "$answer" |grep "acme/authz" |cut -f2 -d '"')
finalize=$(echo "$answer" |grep 'finalize":' |cut -f4 -d '"')
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
if [[ "$status" -ne 201 ]]; then
check_result $E_CONNECT "Let's Encrypt new auth status $status"
fi
# Requesting authorization token / STEP 3
for auth in $authz; do
payload=''
answer=$(query_le_v2 "$auth" "$payload" "$nonce")
url=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \")
token=$(echo "$answer" |grep -A3 $proto |grep token |cut -f 4 -d \")
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt acme/authz bad status $status"
fi
# Accepting challenge / STEP 4
if [ "$wildcard" = 'yes' ]; then
record=$(printf "%s" "$token.$THUMB" |\
openssl dgst -sha256 -binary |encode_base64)
old_records=$($BIN/v-list-dns-records $user $domain plain|grep 'TXT')
old_records=$(echo "$old_records" |grep _acme-challenge |cut -f 1)
for old_record in $old_records; do
$BIN/v-delete-dns-record $user $domain $old_record
done
$BIN/v-add-dns-record $user $domain "_acme-challenge" "TXT" $record
check_result $? "DNS _acme-challenge record wasn't created"
else
if [ "$WEB_SYSTEM" = 'nginx' ] || [ ! -z "$PROXY_SYSTEM" ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' \
> $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$THUMB'";' >> $conf
echo '}' >> $conf
fi
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
$BIN/v-restart-proxy
check_result $? "Proxy restart failed" >/dev/null
else
well_known="$HOMEDIR/$user/web/$domain/public_html/.well-known"
acme_challenge="$well_known/acme-challenge"
mkdir -p $acme_challenge
echo "$token.$THUMB" > $acme_challenge/$token
chown -R $user:$user $well_known
fi
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fi
# Requesting ACME validation / STEP 5
validation_check=$(echo "$answer" |grep '"valid"')
if [[ ! -z "$validation_check" ]]; then
validation='valid'
else
validation='pending'
fi
# Doing pol check on status
i=1 i=1
for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do while [ "$validation" = 'pending' ]; do
$BIN/v-check-letsencrypt-domain $user $alias payload='{}'
if [ "$?" -ne 0 ]; then answer=$(query_le_v2 "$url" "$payload" "$nonce")
touch $VESTA/data/queue/letsencrypt.pipe validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \")
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
send_notice "LETSENCRYPT" "$alias validation failed" status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
check_result $E_INVALID "LE domain validation" >/dev/null if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt validation status $status"
fi fi
# Checking LE limits per account i=$((i + 1))
if [ "$i" -gt 100 ]; then if [ "$i" -gt 10 ]; then
touch $VESTA/data/queue/letsencrypt.pipe check_result $E_CONNECT "Let's Encrypt domain validation timeout"
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe fi
send_notice 'LETSENCRYPT' 'Limit of domains per account is reached' sleep 1
check_result $E_LIMIT "LE can't sign more than 100 domains" done
if [ "$validation" = 'invalid' ]; then
check_result $E_CONNECT "Let's Encrypt domain verification failed"
fi fi
i=$((i++))
done done
# Generating CSR
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "$email" "US" "California" \ # Generating new ssl certificate
ssl_dir=$($BIN/v-generate-ssl-cert "$domain" "info@$domain" "US" "California"\
"San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}') "San Francisco" "Vesta" "IT" "$aliases" |tail -n1 |awk '{print $2}')
# Signing CSR # Sending CSR to finalize order / STEP 6
crt=$($BIN/v-sign-letsencrypt-csr $user $domain $ssl_dir) csr=$(openssl req -in $ssl_dir/$domain.csr -outform DER |encode_base64)
if [ "$?" -ne 0 ]; then payload='{"csr":"'$csr'"}'
touch $VESTA/data/queue/letsencrypt.pipe answer=$(query_le_v2 "$finalize" "$payload" "$nonce")
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
send_notice "LETSENCRYPT" "$alias validation failed" status=$(echo "$answer"|grep HTTP/1.1 |tail -n1 |cut -f 2 -d ' ')
check_result "$E_INVALID" "LE $domain validation" certificate=$(echo "$answer"|grep 'certificate":' |cut -f4 -d '"')
if [[ "$status" -ne 200 ]]; then
check_result $E_CONNECT "Let's Encrypt finalize bad status $status"
fi fi
echo "$crt" > $ssl_dir/$domain.crt
# Dowloading CA certificate # Downloading signed certificate / STEP 7
le_certs='https://letsencrypt.org/certs' curl -s "$certificate" -o $ssl_dir/$domain.pem
x1='lets-encrypt-x1-cross-signed.pem.txt'
x3='lets-encrypt-x3-cross-signed.pem.txt' # Splitting up downloaded pem
issuer=$(openssl x509 -text -in $ssl_dir/$domain.crt |grep "Issuer:") crt_end=$(grep -n END $ssl_dir/$domain.pem |head -n1 |cut -f1 -d:)
if [ -z "$(echo $issuer|grep X3)" ]; then head -n $crt_end $ssl_dir/$domain.pem > $ssl_dir/$domain.crt
curl -s $le_certs/$x1 > $ssl_dir/$domain.ca
else pem_lines=$(wc -l $ssl_dir/$domain.pem |cut -f 1 -d ' ')
curl -s $le_certs/$x3 > $ssl_dir/$domain.ca ca_end=$(grep -n "BEGIN" $ssl_dir/$domain.pem |tail -n1 |cut -f 1 -d :)
fi ca_end=$(( pem_lines - crt_end + 1 ))
tail -n $ca_end $ssl_dir/$domain.pem > $ssl_dir/$domain.ca
# Adding SSL # Adding SSL
ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME') ssl_home=$(search_objects 'web' 'LETSENCRYPT' 'yes' 'SSL_HOME')
@ -140,18 +273,13 @@ update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT' 'yes'
# Vesta # # Vesta #
#----------------------------------------------------------# #----------------------------------------------------------#
# Restarting web # Deleteing task from queue
$BIN/v-restart-web $restart touch $VESTA/data/queue/letsencrypt.pipe
if [ "$?" -ne 0 ]; then sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
send_notice 'LETSENCRYPT' "web server needs to be restarted manually"
fi
# Notifying user # Notifying user
send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully" send_notice 'LETSENCRYPT' "$domain SSL has been installed successfully"
# Deleteing task from queue
touch $VESTA/data/queue/letsencrypt.pipe
sed -i "/ $domain /d" $VESTA/data/queue/letsencrypt.pipe
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

145
bin/v-add-letsencrypt-user Executable file → Normal file
View file

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# info: register letsencrypt user account # info: register letsencrypt user account
# options: USER [TYPE] # options: USER
# #
# The function creates and register LetsEncript account key # The function creates and register LetsEncript account
#----------------------------------------------------------# #----------------------------------------------------------#
@ -11,8 +11,9 @@
# Argument definition # Argument definition
user=$1 user=$1
type=${2-1}
key_size=4096 # LE API
API='https://acme-v02.api.letsencrypt.org'
# Includes # Includes
source $VESTA/func/main.sh source $VESTA/func/main.sh
@ -23,131 +24,97 @@ encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n=' cat |base64 |tr '+/' '-_' |tr -d '\r\n='
} }
# Let's Encrypt v2 curl function
query_le_v2() {
protected='{"nonce": "'$3'",'
protected=''$protected' "url": "'$1'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
content="Content-Type: application/jose+json"
payload_=$(echo -n "$2" |encode_base64)
protected_=$(echo -n "$protected" |encode_base64)
signature_=$(printf "%s" "$protected_.$payload_" |\
openssl dgst -sha256 -binary -sign $USER_DATA/ssl/user.key |\
encode_base64)
post_data='{"protected":"'"$protected_"'",'
post_data=$post_data'"payload":"'"$payload_"'",'
post_data=$post_data'"signature":"'"$signature_"'"}'
curl -s -i -d "$post_data" "$1" -H "$content"
}
#----------------------------------------------------------# #----------------------------------------------------------#
# Verifications # # Verifications #
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [TYPE]' check_args '1' "$#" 'USER'
is_format_valid 'user' is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ -e "$USER_DATA/ssl/le.conf" ]; then if [ -e "$USER_DATA/ssl/le.conf" ]; then
source "$USER_DATA/ssl/le.conf" source "$USER_DATA/ssl/le.conf"
if [ "$type" -eq 1 ] && [ ! -z "$EMAIL" ]; then
exit
fi fi
if [ "$type" -eq 2 ] && [ ! -z "$KID" ]; then if [ ! -z "$KID" ]; then
exit exit
fi fi
fi
#----------------------------------------------------------# #----------------------------------------------------------#
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Defining LE API endpoint
if [ "$type" -eq 1 ]; then
api='https://acme-v01.api.letsencrypt.org'
else
api='https://acme-v02.api.letsencrypt.org'
fi
# Defining user email # Defining user email
if [ $type -eq 1 ]; then if [[ -z "$EMAIL" ]]; then
email=$(get_user_value '$CONTACT') EMAIL=$(get_user_value '$CONTACT')
fi fi
# Defining user agreement # Defining user agreement
if [ "$type" -eq 1 ]; then
agreement=$(curl -s -I "$api/terms" |grep Location |\
cut -f 2 -d \ |tr -d '\r\n')
else
#agreement=$(curl -s "$api/directory" |grep termsOfService |\
# cut -f 4 -d '"')
agreement='' agreement=''
fi
# Generating user key # Generating user key
key="$USER_DATA/ssl/user.key" KEY="$USER_DATA/ssl/user.key"
if [ ! -e "$key" ]; then if [ ! -e "$KEY" ]; then
openssl genrsa -out $key $key_size >/dev/null 2>&1 openssl genrsa -out $KEY 4096 >/dev/null 2>&1
chmod 600 $key chmod 600 $KEY
fi fi
# Defining key exponent # Defining key exponent
if [ -z "$EXPONENT" ]; then if [ -z "$EXPONENT" ]; then
exponent=$(openssl pkey -inform pem -in "$key" -noout -text_pub |\ EXPONENT=$(openssl pkey -inform pem -in "$KEY" -noout -text_pub |\
grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\ grep Exponent: |cut -f 2 -d '(' |cut -f 1 -d ')' |sed -e 's/x//' |\
xxd -r -p |encode_base64) xxd -r -p |encode_base64)
else
exponent="$EXPONENT"
fi fi
# Defining key modulus # Defining key modulus
if [ -z "$MODULUS" ]; then if [ -z "$MODULUS" ]; then
modulus=$(openssl rsa -in "$key" -modulus -noout |\ MODULUS=$(openssl rsa -in "$KEY" -modulus -noout |\
sed -e 's/^Modulus=//' |xxd -r -p |encode_base64) sed -e 's/^Modulus=//' |xxd -r -p |encode_base64)
else
modulus="$MODULUS"
fi fi
# Defining JWK token # Defining JWK
jwk='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}' jwk='{"e":"'$EXPONENT'","kty":"RSA","n":"'"$MODULUS"'"}'
# Defining key thumbnail # Defining key thumbnail
if [ -z "$THUMB" ]; then if [ -z "$THUMB" ]; then
thumb="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)" THUMB="$(echo -n "$jwk" |openssl dgst -sha256 -binary |encode_base64)"
else
thumb="$THUMB"
fi fi
# Requesting ACME nonce # Requesting ACME nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n') nonce=$(curl -s -I "$API/directory" |grep Nonce |cut -f 2 -d \ |tr -d '\r\n')
# Defining payload and protected data for v1 and v2 # Creating ACME account
if [ "$type" -eq 1 ]; then url="$API/acme/new-acct"
header='{"alg":"RS256","jwk":'"$jwk"'}'
protected='{"nonce":"'"$nonce"'"}'
payload='{"resource":"new-reg","contact":["mailto:'"$email"'"],'
payload=$payload'"agreement":"'$agreement'"}'
else
protected='{"nonce": "'$nonce'",'
protected=''$protected' "url": "'$api/acme/new-acct'",'
protected=''$protected' "alg": "RS256", "jwk": '$jwk'}'
payload='{"termsOfServiceAgreed": true}' payload='{"termsOfServiceAgreed": true}'
fi answer=$(query_le_v2 "$url" "$payload" "$nonce")
# Encoding data
protected=$(echo -n "$protected" |encode_base64)
payload=$(echo -n "$payload" |encode_base64)
# Signing request
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |\
encode_base64)
if [ "$type" -eq 1 ]; then
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
answer=$(curl -s -i -d "$data" "$api/acme/new-reg")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
else
data='{"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'",'
data=$data'"signature":"'"$signature"'"}'
answer=$(curl -s -i -d "$data" "$api/acme/new-acct" \
-H "Content-Type: application/jose+json")
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r') kid=$(echo "$answer" |grep Location: |cut -f2 -d ' '|tr -d '\r')
fi
# Checking http answer status # Checking answer status
if [[ "${status:0:2}" -ne "20" ]] && [[ "$status" -ne "409" ]]; then status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
check_result $E_CONNECT "LetsEncrypt account registration $status" if [[ "${status:0:2}" -ne "20" ]]; then
check_result $E_CONNECT "Let's Encrypt acc registration failed $status"
fi fi
@ -157,26 +124,16 @@ fi
# Adding le.conf # Adding le.conf
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
echo "EXPONENT='$exponent'" > $USER_DATA/ssl/le.conf echo "EXPONENT='$EXPONENT'" > $USER_DATA/ssl/le.conf
echo "MODULUS='$modulus'" >> $USER_DATA/ssl/le.conf echo "MODULUS='$MODULUS'" >> $USER_DATA/ssl/le.conf
echo "THUMB='$thumb'" >> $USER_DATA/ssl/le.conf echo "THUMB='$THUMB'" >> $USER_DATA/ssl/le.conf
if [ "$type" -eq 1 ]; then echo "EMAIL='$EMAIL'" >> $USER_DATA/ssl/le.conf
echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
else
echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi
chmod 660 $USER_DATA/ssl/le.conf chmod 660 $USER_DATA/ssl/le.conf
else
if [ "$type" -eq 1 ]; then
sed -i '/^EMAIL=/d' $USER_DATA/ssl/le.conf
echo "EMAIL='$email'" >> $USER_DATA/ssl/le.conf
else else
sed -i '/^KID=/d' $USER_DATA/ssl/le.conf sed -i '/^KID=/d' $USER_DATA/ssl/le.conf
echo "KID='$kid'" >> $USER_DATA/ssl/le.conf echo "KID='$kid'" >> $USER_DATA/ssl/le.conf
fi fi
fi
# Logging # Logging
log_event "$OK" "$ARGUMENTS" log_event "$OK" "$ARGUMENTS"

106
bin/v-add-sys-mail-ssl Executable file
View file

@ -0,0 +1,106 @@
#!/bin/bash
# info: copy mail ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to mail SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/mail.crt"
vst_key="$VESTA/ssl/mail.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old >/dev/null 2>&1
mv $vst_key $vst_key.old >/dev/null 2>&1
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Updating vesta.conf
if [ -z "$(grep MAIL_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "MAIL_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/MAIL_CERTIFICATE.*/MAIL_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

97
bin/v-add-sys-vesta-ssl Executable file
View file

@ -0,0 +1,97 @@
#!/bin/bash
# info: add vesta ssl certificate
# options: USER DOMAIN [RESTART]
#
# The function copies user domain SSL to vesta SSL directory
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
restart=$3
# Includes
source $VESTA/func/main.sh
source $VESTA/func/domain.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [RESTART]'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_value_exist 'web' 'DOMAIN' "$domain" '$SSL'
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Defining certificate location
dom_crt="/home/$user/conf/web/ssl.$domain.pem"
dom_key="/home/$user/conf/web/ssl.$domain.key"
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Checking certificate
if [ ! -e "$dom_crt" ] || [ ! -e "$dom_key" ]; then
check_result $E_NOTEXIST "$domain certificate doesn't exist"
fi
# Checking difference
diff $dom_crt $vst_crt >/dev/null 2>&1
if [ $? -ne 0 ]; then
rm -f $vst_crt.old $vst_key.old
mv $vst_crt $vst_crt.old
mv $vst_key $vst_key.old
cp $dom_crt $vst_crt 2>/dev/null
cp $dom_key $vst_key 2>/dev/null
chown root:mail $vst_crt $vst_key
else
restart=no
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ] && [ -z "$MAIL_CERTIFICATE" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
if [ ! -z "$FTP_SYSTEM" ]; then
$BIN/v-restart-service "$FTP_SYSTEM"
fi
if [ -e "/var/run/vesta-nginx.pid" ]; then
kill -HUP $(cat /var/run/vesta-nginx.pid)
else
service vesta restart
fi
fi
# Updating vesta.conf
if [ -z "$(grep VESTA_CERTIFICATE $VESTA/conf/vesta.conf)" ]; then
echo "VESTA_CERTIFICATE='$user:$domain'" >> $VESTA/conf/vesta.conf
else
sed -i "s/VESTA_CERTIFICATE.*/VESTA_CERTIFICATE='$user:$domain'/g" \
$VESTA/conf/vesta.conf
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

6
bin/v-add-web-domain
View file

@ -63,7 +63,7 @@ fi
source $USER_DATA/user.conf source $USER_DATA/user.conf
# Creating domain directories # Creating domain directories
mkdir -p $HOMEDIR/$user/web/$domain \ sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -80,7 +80,7 @@ ln -f -s /var/log/$WEB_SYSTEM/domains/$domain.*log \
$HOMEDIR/$user/web/$domain/logs/ $HOMEDIR/$user/web/$domain/logs/
# Adding domain skeleton # Adding domain skeleton
cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1 sudo -u $user cp -r $WEBTPL/skel/* $HOMEDIR/$user/web/$domain/ >/dev/null 2>&1
for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do for file in $(find "$HOMEDIR/$user/web/$domain/" -type f); do
sed -i "s/%domain%/$domain/g" $file sed -i "s/%domain%/$domain/g" $file
done done
@ -91,7 +91,7 @@ chown root:$user /var/log/$WEB_SYSTEM/domains/$domain.* $conf
chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.* chmod 640 /var/log/$WEB_SYSTEM/domains/$domain.*
chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/* chmod 751 $HOMEDIR/$user/web/$domain $HOMEDIR/$user/web/$domain/*
chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs chmod 551 $HOMEDIR/$user/web/$domain/stats $HOMEDIR/$user/web/$domain/logs
chmod 644 $HOMEDIR/$user/web/$domain/public_*html/* chmod 644 $HOMEDIR/$user/web/$domain/public_*html/*.*
# Addding PHP-FPM backend # Addding PHP-FPM backend
if [ ! -z "$WEB_BACKEND" ]; then if [ ! -z "$WEB_BACKEND" ]; then

16
bin/v-add-web-domain-ssl
View file

@ -120,6 +120,22 @@ check_result $? "Web restart failed" >/dev/null
$BIN/v-restart-proxy $restart $BIN/v-restart-proxy $restart
check_result $? "Proxy restart failed" >/dev/null check_result $? "Proxy restart failed" >/dev/null
# Updating system ssl dependencies
if [ ! -z "$VESTA_CERTIFICATE" ]; then
crt_user=$(echo "$VESTA_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$VESTA_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-vesta-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
crt_user=$(echo "$MAIL_CERTIFICATE" |cut -f 1 -d :)
crt_domain=$(echo "$MAIL_CERTIFICATE" |cut -f 2 -d :)
if [ "$user" = "$crt_user" ] && [ "$domain" = "$crt_domain" ]; then
$BIN/v-add-sys-mail-ssl $user $domain >/dev/null 2>&1
fi
fi
if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then if [ ! -z "$UPDATE_HOSTNAME_SSL" ] && [ "$UPDATE_HOSTNAME_SSL" = "yes" ]; then
hostname=$(hostname) hostname=$(hostname)
if [ "$hostname" = "$domain" ]; then if [ "$hostname" = "$domain" ]; then

16
bin/v-backup-user
View file

@ -210,7 +210,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:") exlusion=$(echo -e "$WEB" |tr ',' '\n' |grep "^$domain:")
set -f set -f
fargs=() fargs=()
fargs+=(--exclude='logs/*') fargs+=(--exclude='./logs/*')
if [ ! -z "$exlusion" ]; then if [ ! -z "$exlusion" ]; then
xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)" xdirs="$(echo -e "$exlusion" |tr ':' '\n' |grep -v $domain)"
for xpath in $xdirs; do for xpath in $xdirs; do
@ -228,7 +228,7 @@ if [ ! -z "$WEB_SYSTEM" ] && [ "$WEB" != '*' ]; then
set +f set +f
# Backup files # Backup files
tar -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz tar --anchored -cpf- ${fargs[@]} * |gzip -$BACKUP_GZIP - > $tmpdir/web/$domain/domain_data.tar.gz
done done
# Print total # Print total
@ -466,11 +466,15 @@ if [ "$USER" != '*' ]; then
fi fi
fargs=() fargs=()
for xpath in $(echo "$USER" |tr ',' '\n'); do for xpath in $(echo "$USER" |tr ',' '\n'); do
fargs+=(-not) if [ -d "$xpath" ]; then
fargs+=(-path) fargs+=(--exclude=$xpath/*)
fargs+=("./$xpath*")
echo "$(date "+%F %T") excluding directory $xpath" |\ echo "$(date "+%F %T") excluding directory $xpath" |\
tee -a $BACKUP/$user.log tee -a $BACKUP/$user.log
else
echo "$(date "+%F %T") excluding file $xpath" |\
tee -a $BACKUP/$user.log
fargs+=(--exclude=$xpath)
fi
done done
IFS=$'\n' IFS=$'\n'
@ -487,7 +491,7 @@ if [ "$USER" != '*' ]; then
wait_for_backup_if_it_is_not_time_for_backup wait_for_backup_if_it_is_not_time_for_backup
# Backup files and dirs # Backup files and dirs
tar -cpf- $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz tar --anchored -cpf- ${fargs[@]} $udir |gzip -$BACKUP_GZIP - > $tmpdir/user_dir/$udir.tar.gz
fi fi
done done
set +f set +f

12
bin/v-change-sys-service-config
View file

@ -95,13 +95,21 @@ if [ "$update" = 'yes' ] && [ "$restart" != 'no' ]; then
if [ "$service" = 'php' ]; then if [ "$service" = 'php' ]; then
if [ "$WEB_SYSTEM" = "nginx" ]; then if [ "$WEB_SYSTEM" = "nginx" ]; then
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d / |sed -n 1p) if [ $(ps --no-headers -o comm 1) == systemd ]; then
service=$(systemctl | grep -o -E "php.*fpm.*\.service")
service=${service//.service/}
else
service=$(ls /etc/init.d/php*fpm* |cut -f 4 -d /)
fi
else else
service=$WEB_SYSTEM service=$WEB_SYSTEM
fi fi
fi fi
service $service restart >/dev/null 2>&1 for single_service in $service; do
service $single_service restart >/dev/null 2>&1
done <<< "$service"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
for config in $dst; do for config in $dst; do
cat $config.vst.back > $config cat $config.vst.back > $config

162
bin/v-check-letsencrypt-domain
View file

@ -1,162 +0,0 @@
#!/bin/bash
# info: check letsencrypt domain
# options: USER DOMAIN
#
# The function check and validates domain with LetsEncript
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
# Additional argument formatting
format_domain_idn
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
rdomain=$(egrep "'$domain'|'$domain,|,$domain,|,$domain'" $USER_DATA/web.conf)
if [ -z "$rdomain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
r_domain=$(echo "$rdomain" |cut -f 2 -d \')
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
query='{"resource":"new-authz","identifier"'
query=$query':{"type":"dns","value":"'"$domain_idn"'"}}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$api/acme/new-authz")
# Checking http answer status
status=$(echo "$answer" |grep HTTP/1.1 |tail -n1 |cut -f2 -d ' ')
if [[ "$status" -ne "201" ]]; then
check_result $E_CONNECT "LetsEncrypt challenge request $status"
fi
# Parsing domain nonce,token and uri
nonce=$(echo "$answer" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
token=$(echo "$answer" |grep -A 3 http-01 |grep token |cut -f 4 -d \")
uri=$(echo "$answer" |grep -A 3 http-01 |grep uri |cut -f 4 -d \")
# Adding location wrapper for request challenge
if [ "$WEB_SYSTEM" = 'nginx' ] || [ "$PROXY_SYSTEM" = 'nginx' ]; then
conf="$HOMEDIR/$user/conf/web/nginx.$r_domain.conf_letsencrypt"
sconf="$HOMEDIR/$user/conf/web/snginx.$r_domain.conf_letsencrypt"
if [ ! -e "$conf" ]; then
echo 'location ~ "^/\.well-known/acme-challenge/(.*)$" {' > $conf
echo ' default_type text/plain;' >> $conf
echo ' return 200 "$1.'$thumb'";' >> $conf
echo '}' >> $conf
fi
if [ ! -e "$sconf" ]; then
ln -s "$conf" "$sconf"
fi
fi
acme="$HOMEDIR/$user/web/$r_domain/public_html/.well-known/acme-challenge"
if [ ! -d "$acme" ]; then
mkdir -p $acme
fi
echo "$token.$thumb" > $acme/$token
chown -R $user:$user $HOMEDIR/$user/web/$r_domain/public_html/.well-known
# Restarting web server
if [ -z "$PROXY_SYSTEM" ]; then
$BIN/v-restart-web
check_result $? "Proxy restart failed" >/dev/null
else
$BIN/v-restart-proxy
$BIN/v-restart-web
check_result $? "Web restart failed" >/dev/null
fi
# Defining ACME query (request validation)
query='{"resource":"challenge","type":"http-01","keyAuthorization"'
query=$query':"'$token.$thumb'","token":"'$token'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(curl -s -i -d "$data" "$uri")
# Checking domain validation status
i=1
status=$(echo $answer |tr ',' '\n' |grep status |cut -f 4 -d \")
location=$(echo "$answer" |grep Location: |awk '{print $2}' |tr -d '\r\n')
while [ "$status" = 'pending' ]; do
answer=$(curl -s -i "$location")
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
status=$(echo "$answer" |tr ',' '\n' |grep status |cut -f 4 -d \")
sleep 1
i=$((i + 1))
if [ "$i" -gt 60 ]; then
check_result $E_CONNECT "$detail"
fi
done
if [ "$status" = 'invalid' ]; then
detail="$(echo $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
check_result $E_CONNECT "$detail"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

2
bin/v-delete-mail-domain
View file

@ -56,7 +56,7 @@ fi
# Deleting dkim dns record # Deleting dkim dns record
if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then if [ "$DKIM" = 'yes' ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then
records=$($BIN/v-list-dns-records $user $domain plain) records=$($BIN/v-list-dns-records $user $domain plain)
dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') dkim_records=$(echo "$records" |grep -w '_domainkey' |cut -f 1)
for id in $dkim_records; do for id in $dkim_records; do
$BIN/v-delete-dns-record $user $domain $id $BIN/v-delete-dns-record $user $domain $id
done done

75
bin/v-delete-sys-mail-ssl Executable file
View file

@ -0,0 +1,75 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
vst_crt="$VESTA/ssl/certificate.crt"
vst_key="$VESTA/ssl/certificate.key"
# Updating mail certificate
case $MAIL_SYSTEM in
exim) conf='/etc/exim/exim.conf';;
exim4) conf='/etc/exim4/exim4.conf.template';;
esac
if [ -e "$conf" ]; then
sed -e "s|^tls_certificate.*|tls_certificate = $vst_crt|" \
-e "s|^tls_privatekey.*|tls_privatekey = $vst_key|" -i $conf
fi
# Updating imap certificate
conf="/etc/dovecot/conf.d/10-ssl.conf"
if [ ! -z "$IMAP_SYSTEM" ] && [ -e "$conf" ]; then
sed -e "s|ssl_cert.*|ssl_cert = <$vst_crt|" \
-e "s|ssl_key.*|ssl_key = <$vst_key|" -i $conf
fi
# Moving old certificates
if [ -e "$VESTA/ssl/mail.crt" ]; then
mv -f $VESTA/ssl/mail.crt $VESTA/ssl/mail.crt.old
fi
if [ -e "VESTA/ssl/mail.key" ]; then
mv $VESTA/ssl/mail.key VESTA/ssl/mail.key.old
fi
# Updating vesta.conf value
sed -i "/MAIL_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Restarting services
if [ "$restart" != 'no' ]; then
if [ ! -z "$MAIL_SYSTEM" ]; then
$BIN/v-restart-service $MAIL_SYSTEM
fi
if [ ! -z "$IMAP_SYSTEM" ]; then
$BIN/v-restart-service $IMAP_SYSTEM
fi
fi
# Logging
log_event "$OK" "$ARGUMENTS"
exit

37
bin/v-delete-sys-vesta-ssl Executable file
View file

@ -0,0 +1,37 @@
#!/bin/bash
# info: delete sys vesta user ssl certificate
# options: NONE
#
# The script disables user domain ssl synchronization
#----------------------------------------------------------#
# Variable & Function #
#----------------------------------------------------------#
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Updating vesta.conf value
sed -i "/VESTA_CERTIFICATE=/ d" $VESTA/conf/vesta.conf
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

2
bin/v-delete-user-favourites
View file

@ -32,6 +32,8 @@ case $system in
DNS_REC) is_format_valid 'id' ;; DNS_REC) is_format_valid 'id' ;;
*) is_format_valid 'object' *) is_format_valid 'object'
esac esac
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user"

1
bin/v-list-dns-domain
View file

@ -71,6 +71,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'dns' 'DOMAIN' "$domain" is_object_valid 'dns' 'DOMAIN' "$domain"

1
bin/v-list-letsencrypt-user
View file

@ -56,6 +56,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist" check_result $E_NOTEXIST "LetsEncrypt user account doesn't exist"

3
bin/v-list-mail-domain-dkim-dns
View file

@ -57,6 +57,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'mail' 'DOMAIN' "$domain" is_object_valid 'mail' 'DOMAIN' "$domain"
@ -67,7 +68,7 @@ is_object_valid 'mail' 'DOMAIN' "$domain"
# Parsing domain keys # Parsing domain keys
if [ -e "$USER_DATA/mail/$domain.pub" ]; then if [ -e "$USER_DATA/mail/$domain.pub" ]; then
pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----") pub=$(cat $USER_DATA/mail/$domain.pub |grep -v "KEY-----" |tr -d "\n\r")
pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g') pub=$(echo "$pub" |sed ':a;N;$!ba;s/\n/\\n/g')
else else
pub="DKIM-SUPPORT-IS-NOT-ACTIVATED" pub="DKIM-SUPPORT-IS-NOT-ACTIVATED"

17
bin/v-list-sys-config Executable file → Normal file
View file

@ -53,6 +53,8 @@ json_list() {
"DB_PGA_URL": "'$DB_PGA_URL'", "DB_PGA_URL": "'$DB_PGA_URL'",
"SOFTACULOUS": "'$SOFTACULOUS'", "SOFTACULOUS": "'$SOFTACULOUS'",
"MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'" "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'"
"MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'",
"VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'"
} }
}' }'
} }
@ -139,6 +141,12 @@ shell_list() {
if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then if [ ! -z "$LANGUAGE" ] && [ "$LANGUAGE" != 'en' ]; then
echo "Language: $LANGUAGE" echo "Language: $LANGUAGE"
fi fi
if [ ! -z "$MAIL_CERTIFICATE" ]; then
echo "Mail SSL: $MAIL_CERTIFICATE"
fi
if [ ! -z "$VESTA_CERTIFICATE" ]; then
echo "Vesta SSL: $VESTA_CERTIFICATE"
fi
echo "Version: $VERSION" echo "Version: $VERSION"
} }
@ -152,7 +160,8 @@ plain_list() {
echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t" echo -ne "$CRON_SYSTEM\t$DISK_QUOTA\t$FIREWALL_SYSTEM\t"
echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t" echo -ne "$FIREWALL_EXTENSION\t$FILEMANAGER_KEY\t$SFTPJAIL_KEY\t"
echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t" echo -ne "$REPOSITORY\t$VERSION\t$LANGUAGE\t$BACKUP_GZIP\t$BACKUP\t"
echo -e "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL" echo -ne "$MAIL_URL\t$DB_PMA_URL\t$DB_PGA_URL\t$MAIL_CERTIFICATE\t"
echo -e "$VESTA_CERTIFICATE"
} }
@ -166,7 +175,8 @@ csv_list() {
echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM'," echo -n "'CRON_SYSTEM','DISK_QUOTA','FIREWALL_SYSTEM',"
echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY'," echo -n "'FIREWALL_EXTENSION','FILEMANAGER_KEY','SFTPJAIL_KEY',"
echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP'," echo -n "'REPOSITORY','VERSION','LANGUAGE','BACKUP_GZIP','BACKUP',"
echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL'" echo -n "'MAIL_URL','DB_PMA_URL','DB_PGA_URL', 'SOFTACULOUS',"
echo -n "'MAIL_CERTIFICATE','VESTA_CERTIFICATE'"
echo echo
echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL'," echo -n "'$WEB_SYSTEM','$WEB_RGROUPS','$WEB_PORT','$WEB_SSL',"
echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT'," echo -n "'$WEB_SSL_PORT','$WEB_BACKEND','$PROXY_SYSTEM','$PROXY_PORT',"
@ -177,6 +187,7 @@ csv_list() {
echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY'," echo -n "'$FIREWALL_EXTENSION','$FILEMANAGER_KEY','$SFTPJAIL_KEY',"
echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP'," echo -n "'$REPOSITORY','$VERSION','$LANGUAGE','$BACKUP_GZIP','$BACKUP',"
echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'" echo -n "'$MAIL_URL','$DB_PMA_URL','$DB_PGA_URL', '$SOFTACULOUS'"
echo -n "'$MAIL_CERTIFICATE','$VESTA_CERTIFICATE'"
echo echo
} }
@ -188,7 +199,7 @@ csv_list() {
# Listing data # Listing data
case $format in case $format in
json) json_list ;; json) json_list ;;
plain) shell_list ;; plain) plain_list ;;
csv) csv_list ;; csv) csv_list ;;
shell) shell_list ;; shell) shell_list ;;
esac esac

135
bin/v-list-sys-mail-ssl Executable file
View file

@ -0,0 +1,135 @@
#!/bin/bash
# info: list mail ssl certificate
# options: [FORMAT]
#
# The function of obtaining mail ssl files.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
echo '{'
echo -e "\t\"MAIL\": {"
echo " \"CRT\": \"$crt\","
echo " \"KEY\": \"$key\","
echo " \"CA\": \"$ca\","
echo " \"SUBJECT\": \"$subj\","
echo " \"ALIASES\": \"$alt_dns\","
echo " \"NOT_BEFORE\": \"$before\","
echo " \"NOT_AFTER\": \"$after\","
echo " \"SIGNATURE\": \"$signature\","
echo " \"PUB_KEY\": \"$pub_key\","
echo " \"ISSUER\": \"$issuer\""
echo -e "\t}\n}"
}
# SHELL list function
shell_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$crt" ]; then
echo
echo
echo "SUBJECT: $subj"
if [ ! -z "$alt_dns" ]; then
echo "ALIASES: ${alt_dns//,/ }"
fi
echo "VALID FROM: $before"
echo "VALID TIL: $after"
echo "SIGNATURE: $signature"
echo "PUB_KEY: $pub_key"
echo "ISSUER: $issuer"
fi
}
# PLAIN list function
plain_list() {
if [ ! -z "$crt" ]; then
echo -e "$crt"
fi
if [ ! -z "$key" ]; then
echo -e "\n$key"
fi
if [ ! -z "$ca" ]; then
echo -e "\n$ca"
fi
if [ ! -z "$crt" ]; then
echo "$subj"
echo "${alt_dns//,/ }"
echo "$before"
echo "$after"
echo "$signature"
echo "$pub_key"
echo "$issuer"
fi
}
# CSV list function
csv_list() {
echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
echo "PUB_KEY,ISSUER"
echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
# Parsing SSL certificate
if [ ! -e "$VESTA/ssl/mail.crt" ] || [ ! -e "$VESTA/ssl/mail.key" ]; then
exit
fi
crt=$(cat $VESTA/ssl/mail.crt |sed ':a;N;$!ba;s/\n/\\n/g')
key=$(cat $VESTA/ssl/mail.key |sed ':a;N;$!ba;s/\n/\\n/g')
# Parsing SSL certificate details without CA
info=$(openssl x509 -text -in $VESTA/ssl/mail.crt)
subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

1
bin/v-list-user
View file

@ -154,6 +154,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

1
bin/v-list-user-backup
View file

@ -75,6 +75,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER BACKUP [FORMAT]' check_args '2' "$#" 'USER BACKUP [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'backup' 'BACKUP' "$backup" is_object_valid 'backup' 'BACKUP' "$backup"

1
bin/v-list-user-stats
View file

@ -115,6 +115,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

1
bin/v-list-web-domain
View file

@ -110,6 +110,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"

1
bin/v-list-web-domain-ssl
View file

@ -98,6 +98,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '2' "$#" 'USER DOMAIN [FORMAT]' check_args '2' "$#" 'USER DOMAIN [FORMAT]'
is_format_valid 'user' 'domain'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"
is_object_valid 'web' 'DOMAIN' "$domain" is_object_valid 'web' 'DOMAIN' "$domain"

1
bin/v-list-web-domains
View file

@ -100,6 +100,7 @@ csv_list() {
#----------------------------------------------------------# #----------------------------------------------------------#
check_args '1' "$#" 'USER [FORMAT]' check_args '1' "$#" 'USER [FORMAT]'
is_format_valid 'user'
is_object_valid 'user' 'USER' "$user" is_object_valid 'user' 'USER' "$user"

26
bin/v-restore-user
View file

@ -406,15 +406,21 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then
fi fi
# Restoring web domain data # Restoring web domain data
tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ chown $user $tmpdir
-C $HOMEDIR/$user/web/$domain/ chmod u+w $HOMEDIR/$user/web/$domain
if [ "$?" -ne 0 ]; then sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \
rm -rf $tmpdir -C $HOMEDIR/$user/web/$domain/ --exclude=logs/* \
error="can't unpack $domain data tarball" 2> $HOMEDIR/$user/web/$domain/restore_errors.log
echo "$error" |$SENDMAIL -s "$subj" $email $notify if [ -e "$HOMEDIR/$user/web/$domain/restore_errors.log" ]; then
sed -i "/ $user /d" $VESTA/data/queue/backup.pipe chown $user:$user $HOMEDIR/$user/web/$domain/restore_errors.log
check_result "$E_PARSING" "$error"
fi fi
#if [ "$?" -ne 0 ]; then
# rm -rf $tmpdir
# error="can't unpack $domain data tarball"
# echo "$error" |$SENDMAIL -s "$subj" $email $notify
# sed -i "/ $user /d" $VESTA/data/queue/backup.pipe
# check_result "$E_PARSING" "$error"
#fi
# Applying Fix for tar < 1.24 # Applying Fix for tar < 1.24
find $HOMEDIR/$user/web/$domain -type d \ find $HOMEDIR/$user/web/$domain -type d \
@ -592,7 +598,9 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then
# Restoring emails # Restoring emails
if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then
tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ chown $user $tmpdir
chmod u+w $HOMEDIR/$user/mail/$domain_idn
sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \
-C $HOMEDIR/$user/mail/$domain_idn/ -C $HOMEDIR/$user/mail/$domain_idn/
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
rm -rf $tmpdir rm -rf $tmpdir

93
bin/v-search-ssl-certificates Executable file
View file

@ -0,0 +1,93 @@
#!/bin/bash
# info: search ssl certificates
# options: [FORMAT]
#
# The function to obtain the list of available ssl certificates.
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
format=${1-shell}
# Includes
source $VESTA/func/main.sh
# JSON list function
json_list() {
IFS=$'\n'
objects=$(echo "$search_cmd" |wc -l)
i=1
echo '['
for str in $search_cmd; do
eval $str
if [ "$i" -lt "$objects" ]; then
echo -e "\t\"$USER:$DOMAIN\","
else
echo -e "\t\"$USER:$DOMAIN\""
fi
(( ++i))
done
echo "]"
}
# SHELL list function
shell_list() {
IFS=$'\n'
echo "USER DOMAIN"
echo "---- ------"
for str in $search_cmd; do
eval $str
echo "$USER $DOMAIN"
done
}
# PLAIN list function
plain_list() {
IFS=$'\n'
for str in $search_cmd; do
eval $str
echo -e "$USER\t$DOMAIN"
done
}
# CSV list function
csv_list() {
IFS=$'\n'
echo "USER,DOMAIN"
for str in $search_cmd; do
eval $str
echo "$USER,$DOMAIN"
done
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
search_cmd=$(grep -H "SSL='yes'" $VESTA/data/users/*/web.conf |\
cut -f 1 -d ' ' |\
sed -e "s|$VESTA/data/users/|USER='|" -e "s|/web.conf:|' |")
# Listing data
case $format in
json) json_list ;;
plain) plain_list ;;
csv) csv_list ;;
shell) shell_list |column -t ;;
esac
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

110
bin/v-sign-letsencrypt-csr
View file

@ -1,110 +0,0 @@
#!/bin/bash
# info: sing letsencrypt csr
# options: USER DOMAIN CSR_DIR [FORMAT]
#
# The function signs certificate request using LetsEncript API
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
# Argument definition
user=$1
domain=$2
csr="$3/$domain.csr"
format=$4
# Includes
source $VESTA/func/main.sh
source $VESTA/conf/vesta.conf
# encode base64
encode_base64() {
cat |base64 |tr '+/' '-_' |tr -d '\r\n='
}
#----------------------------------------------------------#
# Verifications #
#----------------------------------------------------------#
check_args '3' "$#" 'USER DOMAIN CSR'
is_format_valid 'user' 'domain'
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
if [ ! -e "$USER_DATA/ssl/le.conf" ]; then
check_result $E_NOTEXIST "LetsEncrypt key doesn't exist"
fi
check_domain=$(grep -w "$domain'" $USER_DATA/web.conf)
if [ -z "$check_domain" ]; then
check_result $E_NOTEXIST "domain $domain doesn't exist"
fi
if [ ! -e "$csr" ]; then
check_result $E_NOTEXIST "$csr doesn't exist"
fi
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
source $USER_DATA/ssl/le.conf
api='https://acme-v01.api.letsencrypt.org'
key="$USER_DATA/ssl/user.key"
exponent="$EXPONENT"
modulus="$MODULUS"
thumb="$THUMB"
# Defining JWK header
header='{"e":"'$exponent'","kty":"RSA","n":"'"$modulus"'"}'
header='{"alg":"RS256","jwk":'"$header"'}'
# Requesting nonce
nonce=$(curl -s -I "$api/directory" |grep Nonce |cut -f2 -d \ |tr -d '\r\n')
protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64)
# Defining ACME query (request challenge)
csr=$(openssl req -in $csr -outform DER |encode_base64)
query='{"resource":"new-cert","csr":"'$csr'"}'
payload=$(echo -n "$query" |encode_base64)
signature=$(printf "%s" "$protected.$payload" |\
openssl dgst -sha256 -binary -sign "$key" |encode_base64)
data='{"header":'"$header"',"protected":"'"$protected"'",'
data=$data'"payload":"'"$payload"'","signature":"'"$signature"'"}'
# Sending request to LetsEncrypt API
answer=$(mktemp)
curl -s -d "$data" "$api/acme/new-cert" -o $answer
if [ ! -z "$(grep Error $answer)" ]; then
detail="$(cat $answer |tr ',' '\n' |grep detail |cut -f 4 -d \")"
detail=$(echo "$detail" |awk -F "::" '{print $2}')
rm $answer
check_result $E_LIMIT "$detail"
fi
# Printing certificate
crt=$(cat "$answer" |openssl base64 -e)
rm $answer
if [ "$format" != 'json' ]; then
echo "-----BEGIN CERTIFICATE-----"
echo "$crt"
echo "-----END CERTIFICATE-----"
else
echo -e "{\n\t\"$domain\": {\n\t\t\"CRT\":\""
echo -n '-----BEGIN CERTIFICATE-----\n'
echo -n "$crt" |sed ':a;N;$!ba;s/\n/\\n/g'
echo -n '-----END CERTIFICATE-----'
echo -e "\"\n\t\t}\n\t}"
fi
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
# Logging
log_event "$OK" "$ARGUMENTS"
exit

3
bin/v-unsuspend-mail-account
View file

@ -48,6 +48,9 @@ is_object_suspended "mail/$domain" 'ACCOUNT' "$account"
if [[ "$MAIL_SYSTEM" =~ exim ]]; then if [[ "$MAIL_SYSTEM" =~ exim ]]; then
md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5') md5=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$MD5')
quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA') quota=$(get_object_value "mail/$domain" 'ACCOUNT' "$account" '$QUOTA')
if [ "$quota" = 'unlimited' ]; then
quota=0
fi
sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd sed -i "/^$account:/d" $HOMEDIR/$user/conf/mail/$domain/passwd
str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota" str="$account:$md5:$user:mail::$HOMEDIR/$user:$quota"
echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd echo $str >> $HOMEDIR/$user/conf/mail/$domain/passwd

5
bin/v-update-firewall
View file

@ -51,11 +51,6 @@ if [ $? -ne 0 ]; then
conntrack_ftp='no' conntrack_ftp='no'
fi fi
# Checking custom OpenSSH port
sshport=$(grep '^Port ' /etc/ssh/sshd_config | head -1 | cut -d ' ' -f 2)
if [[ "$sshport" =~ ^[0-9]+$ ]] && [ "$sshport" -ne "22" ]; then
sed -i "s/PORT='22'/PORT=\'$sshport\'/" $rules
fi
# Creating temporary file # Creating temporary file
tmp=$(mktemp) tmp=$(mktemp)

40
bin/v-update-letsencrypt-ssl
View file

@ -22,51 +22,33 @@ source $VESTA/conf/vesta.conf
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
# Defining user list
users=$($BIN/v-list-users | tail -n+3 | awk '{ print $1 }')
lecounter=0 lecounter=0
# Checking users
for user in $users; do
USER_DATA=$VESTA/data/users/$user
# Checking user certificates # Checking user certificates
for user in $($BIN/v-list-users plain |cut -f 1); do
USER_DATA=$VESTA/data/users/$user
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
# Working on Web domain check - if is suspended crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
webSuspended=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf |grep "SUSPENDED='yes") not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
if [ ! -z "$webSuspended" ]; then expiration=$(date -d "$not_after" +%s)
continue;
fi;
crt="$VESTA/data/users/$user/ssl/$domain.crt"
crt_data=$(openssl x509 -text -in "$crt")
expire=$(echo "$crt_data" |grep "Not After")
expire=$(echo "$expire" |cut -f 2,3,4 -d :)
expire=$(date -d "$expire" +%s)
now=$(date +%s) now=$(date +%s)
expire=$((expire - now)) seconds_valid=$((expiration - now))
expire=$((expire / 86400)) days_valid=$((seconds_valid / 86400))
domain=$(basename $crt |sed -e "s/.crt$//") if [[ "$days_valid" -lt 31 ]]; then
if [[ "$expire" -lt 31 ]]; then
if [ $lecounter -gt 0 ]; then if [ $lecounter -gt 0 ]; then
sleep 120 sleep 120
fi fi
((lecounter++)) ((lecounter++))
aliases=$(echo "$crt_data" |grep DNS:) aliases=$(echo "$crt_data" |grep DNS:)
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//") aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d") aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
aliases=$(echo "$aliases" |grep -v "^$domain$") aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
if [ ! -z "$aliases" ]; then
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g') aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases) msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "$domain $msg" echo "$domain $msg"
fi fi
else
msg==$($BIN/v-add-letsencrypt-domain $user $domain)
if [ $? -ne 0 ]; then
echo "$domain $msg"
fi
fi
fi fi
done done
done done

2
bin/v-update-sys-ip
View file

@ -44,7 +44,7 @@ if [[ "$ip_num" -eq '1' ]] && [[ "$v_ip_num" -eq 1 ]]; then
fi fi
# Updating configs # Updating configs
if [ ! -z "$new" ]; then if [ ! -z "$old" ]; then
mv $VESTA/data/ips/$old $VESTA/data/ips/$new mv $VESTA/data/ips/$old $VESTA/data/ips/$new
# Updating PROXY # Updating PROXY

2
bin/v-update-sys-rrd-pgsql
View file

@ -85,7 +85,7 @@ for host in $hosts; do
# Parsing data # Parsing data
q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends) q='SELECT SUM(xact_commit + xact_rollback), SUM(numbackends)
FROM pg_stat_database;' FROM pg_stat_database;'
status=$($sql plsql -d postgres -c "$q" 2>/dev/null); code="$?" status=$($sql psql -d postgres -c "$q" 2>/dev/null); code="$?"
if [ '0' -ne "$code" ]; then if [ '0' -ne "$code" ]; then
active=0 active=0
slow=0 slow=0

2
bin/v-update-sys-vesta
View file

@ -33,7 +33,7 @@ check_args '1' "$#" 'PACKAGE'
# Action # # Action #
#----------------------------------------------------------# #----------------------------------------------------------#
if [ -d "/etc/sysconfig" ]; then if [ -n "$(command -v yum)" ]; then
# Clean yum chache # Clean yum chache
yum -q clean all yum -q clean all

4
func/db.sh
View file

@ -55,14 +55,14 @@ mysql_query() {
mysql_dump() { mysql_dump() {
err="/tmp/e.mysql" err="/tmp/e.mysql"
mysqldump --defaults-file=$mycnf --single-transaction -r $1 $2 2> $err mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err
if [ '0' -ne "$?" ]; then if [ '0' -ne "$?" ]; then
rm -rf $tmpdir rm -rf $tmpdir
if [ "$notify" != 'no' ]; then if [ "$notify" != 'no' ]; then
echo -e "Can't dump database $database\n$(cat $err)" |\ echo -e "Can't dump database $database\n$(cat $err)" |\
$SENDMAIL -s "$subj" $email $SENDMAIL -s "$subj" $email
fi fi
echo "Error: dump $database failed" echo "Error: dump $database failed\n$(cat $err)"
log_event "$E_DB" "$ARGUMENTS" log_event "$E_DB" "$ARGUMENTS"
exit $E_DB exit $E_DB
fi fi

10
func/domain.sh
View file

@ -215,7 +215,11 @@ add_web_config() {
fi fi
fi fi
trigger="${2/.*pl/.sh}" trigger="${2/%.tpl/.sh}"
if [[ "$2" =~ stpl$ ]]; then
trigger="${2/%.stpl/.sh}"
fi
if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then if [ -x "$WEBTPL/$1/$WEB_BACKEND/$trigger" ]; then
$WEBTPL/$1/$WEB_BACKEND/$trigger \ $WEBTPL/$1/$WEB_BACKEND/$trigger \
$user $domain $local_ip $HOMEDIR \ $user $domain $local_ip $HOMEDIR \
@ -285,9 +289,11 @@ del_web_config() {
if [[ "$2" =~ stpl$ ]]; then if [[ "$2" =~ stpl$ ]]; then
conf="$HOMEDIR/$user/conf/web/s$1.conf" conf="$HOMEDIR/$user/conf/web/s$1.conf"
fi fi
if [ -e "$conf" ]; then
get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf get_web_config_lines $WEBTPL/$1/$WEB_BACKEND/$2 $conf
sed -i "$top_line,$bottom_line d" $conf sed -i "$top_line,$bottom_line d" $conf
fi fi
fi
# clean-up for both config styles if there is no more domains # clean-up for both config styles if there is no more domains
web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l) web_domain=$(grep DOMAIN $USER_DATA/web.conf |wc -l)
if [ "$web_domain" -eq '0' ]; then if [ "$web_domain" -eq '0' ]; then
@ -337,7 +343,7 @@ is_web_domain_cert_valid() {
check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)" check_result $E_FORBIDEN "SSL Key is protected (remove pass_phrase)"
fi fi
openssl s_server -quiet -cert $ssl_dir/$domain.crt \ openssl s_server -port 654321 -quiet -cert $ssl_dir/$domain.crt \
-key $ssl_dir/$domain.key >> /dev/null 2>&1 & -key $ssl_dir/$domain.key >> /dev/null 2>&1 &
pid=$! pid=$!
sleep 0.5 sleep 0.5

2
func/ip.sh
View file

@ -141,7 +141,7 @@ get_real_ip() {
else else
nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*) nat=$(grep -H "^NAT='$1'" $VESTA/data/ips/*)
if [ ! -z "$nat" ]; then if [ ! -z "$nat" ]; then
echo "$nat" |cut -f 1 -d : |cut -f 7 -d / echo "$nat" |cut -f 1 -d : |cut -f 7 -d / |head -n 1
fi fi
fi fi
} }

6
func/main.sh
View file

@ -36,6 +36,7 @@ E_DB=17
E_RRD=18 E_RRD=18
E_UPDATE=19 E_UPDATE=19
E_RESTART=20 E_RESTART=20
E_TEAPOT=418
# Event string for logger # Event string for logger
for ((I=1; I <= $# ; I++)); do for ((I=1; I <= $# ; I++)); do
@ -214,7 +215,8 @@ is_object_new() {
is_object_valid() { is_object_valid() {
if [ $2 = 'USER' ]; then if [ $2 = 'USER' ]; then
is_user_format_valid $3 'user' is_user_format_valid $3 'user'
if [ ! -d "$VESTA/data/users/$3" ]; then user_vst_dir=$(basename $3)
if [ ! -d "$VESTA/data/users/$user_vst_dir" ]; then
check_result $E_NOTEXIST "$1 $3 doesn't exist" check_result $E_NOTEXIST "$1 $3 doesn't exist"
fi fi
else else
@ -665,7 +667,7 @@ is_dbuser_format_valid() {
# DNS record type validator # DNS record type validator
is_dns_type_format_valid() { is_dns_type_format_valid() {
known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA' known_dnstype='A,AAAA,NS,CNAME,MX,TXT,SRV,DNSKEY,KEY,IPSECKEY,PTR,SPF,TLSA,CAA'
if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then if [ -z "$(echo $known_dnstype |grep -w $1)" ]; then
check_result $E_INVALID "invalid dns record type format :: $1" check_result $E_INVALID "invalid dns record type format :: $1"
fi fi

9
func/rebuild.sh
View file

@ -152,7 +152,7 @@ rebuild_web_domain_conf() {
prepare_web_domain_values prepare_web_domain_values
# Rebuilding domain directories # Rebuilding domain directories
mkdir -p $HOMEDIR/$user/web/$domain \ sudo -u $user mkdir -p $HOMEDIR/$user/web/$domain \
$HOMEDIR/$user/web/$domain/public_html \ $HOMEDIR/$user/web/$domain/public_html \
$HOMEDIR/$user/web/$domain/public_shtml \ $HOMEDIR/$user/web/$domain/public_shtml \
$HOMEDIR/$user/web/$domain/document_errors \ $HOMEDIR/$user/web/$domain/document_errors \
@ -178,7 +178,8 @@ rebuild_web_domain_conf() {
# Propagating html skeleton # Propagating html skeleton
if [ ! -e "$WEBTPL/skel/document_errors/" ]; then if [ ! -e "$WEBTPL/skel/document_errors/" ]; then
cp -r $WEBTPL/skel/document_errors/ $HOMEDIR/$user/web/$domain/ sudo -u $user cp -r $WEBTPL/skel/document_errors/ \
$HOMEDIR/$user/web/$domain/
fi fi
# Set folder permissions # Set folder permissions
@ -600,7 +601,7 @@ rebuild_pgsql_database() {
exit $E_CONNECT exit $E_CONNECT
fi fi
query="CREATE ROLE $DBUSER" query="CREATE ROLE $DBUSER WITH LOGIN"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'" query="UPDATE pg_authid SET rolpassword='$MD5' WHERE rolname='$DBUSER'"
@ -617,7 +618,7 @@ rebuild_pgsql_database() {
query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER" query="GRANT ALL PRIVILEGES ON DATABASE $DB TO $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
query="GRANT CONNECT ON DATABASE template1 to $dbuser" query="GRANT CONNECT ON DATABASE template1 to $DBUSER"
psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1 psql -h $HOST -U $USER -c "$query" > /dev/null 2>&1
} }

7
install/debian/7/pma/config.inc.php
View file

@ -137,6 +137,13 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {

2
install/debian/7/templates/web/apache2/basedir.stpl
View file

@ -15,7 +15,7 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"

2
install/debian/7/templates/web/apache2/hosting.stpl
View file

@ -22,7 +22,7 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>

2
install/debian/7/templates/web/apache2/phpcgi.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php

2
install/debian/7/templates/web/apache2/phpfcgid.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>

3
install/debian/7/templates/web/nginx/caching.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/7/templates/web/nginx/default.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/7/templates/web/nginx/hosting.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%docroot%; disable_symlinks if_not_owner from=%sdocroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }

9
install/debian/7/templates/web/nginx/http2.stpl
View file

@ -1,17 +1,16 @@
server { server {
listen %ip%:%proxy_ssl_port% http2; listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/debian/7/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

22
install/debian/7/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,18 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

22
install/debian/7/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,18 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +53,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/7/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,14 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +61,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/7/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,14 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/7/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,15 +39,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -68,6 +66,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/7/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,15 +35,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -64,6 +62,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

2
install/debian/7/templates/web/nginx/php5-fpm/sendy.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

2
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
View file

@ -1,7 +1,7 @@
server { server {
listen %ip%:%web_ssl_port%; listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

89
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl Normal file
View file

@ -0,0 +1,89 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

85
install/debian/7/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl Normal file
View file

@ -0,0 +1,85 @@
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
}

7
install/debian/8/pma/config.inc.php
View file

@ -137,6 +137,13 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {

2
install/debian/8/templates/web/apache2/basedir.stpl
View file

@ -15,7 +15,7 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"

2
install/debian/8/templates/web/apache2/hosting.stpl
View file

@ -22,7 +22,7 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>

2
install/debian/8/templates/web/apache2/phpcgi.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php

2
install/debian/8/templates/web/apache2/phpfcgid.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>

3
install/debian/8/templates/web/nginx/caching.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/8/templates/web/nginx/default.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/8/templates/web/nginx/hosting.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%docroot%; disable_symlinks if_not_owner from=%sdocroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }

9
install/debian/8/templates/web/nginx/http2.stpl
View file

@ -1,17 +1,16 @@
server { server {
listen %ip%:%proxy_ssl_port% http2; listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass https://%ip%:%web_ssl_port%; proxy_pass https://%ip%:%web_ssl_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %sdocroot%; root %sdocroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

6
install/debian/8/templates/web/nginx/http2.tpl
View file

@ -1,14 +1,14 @@
server { server {
listen %ip%:%proxy_port%; listen %ip%:%proxy_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
error_log /var/log/httpd/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
location / { location / {
proxy_pass http://%ip%:%web_port%; proxy_pass http://%ip%:%web_port%;
location ~* ^.+\.(%proxy_extentions%)$ { location ~* ^.+\.(%proxy_extentions%)$ {
root %docroot%; root %docroot%;
access_log /var/log/httpd/domains/%domain%.log combined; access_log /var/log/%web_system%/domains/%domain%.log combined;
access_log /var/log/httpd/domains/%domain%.bytes bytes; access_log /var/log/%web_system%/domains/%domain%.bytes bytes;
expires max; expires max;
try_files $uri @fallback; try_files $uri @fallback;
} }

22
install/debian/8/templates/web/nginx/php5-fpm/drupal6.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,18 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

22
install/debian/8/templates/web/nginx/php5-fpm/drupal6.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,18 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +53,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/8/templates/web/nginx/php5-fpm/drupal7.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,14 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +61,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/8/templates/web/nginx/php5-fpm/drupal7.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,14 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/8/templates/web/nginx/php5-fpm/drupal8.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,15 +39,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -68,6 +66,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/8/templates/web/nginx/php5-fpm/drupal8.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,15 +35,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -64,6 +62,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

2
install/debian/8/templates/web/nginx/php5-fpm/sendy.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

2
install/debian/8/templates/web/nginx/php5-fpm/wordpress2_rewrite.stpl
View file

@ -1,7 +1,7 @@
server { server {
listen %ip%:%web_ssl_port%; listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

89
install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.stpl Normal file
View file

@ -0,0 +1,89 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %sdocroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index-https.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/snginx.%domain%.conf*;
}

85
install/debian/8/templates/web/nginx/php5-fpm/wordpress2_wp_super_cache.tpl Normal file
View file

@ -0,0 +1,85 @@
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
set $cache_uri $request_uri;
if ($request_method = POST) {
set $cache_uri 'null cache';
}
if ($query_string != "") {
set $cache_uri 'null cache';
}
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php
|wp-.*.php|/feed/|index.php|wp-comments-popup.php
|wp-links-opml.php|wp-locations.php |sitemap(_index)?.xml
|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $cache_uri 'null cache';
}
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+
|wp-postpass|wordpress_logged_in|woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_") {
set $cache_uri 'null cache';
}
location / {
try_files /wp-content/cache/supercache/$http_host/$cache_uri/index.html $uri $uri/ /index.php?$args;
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
location ~ [^/]\.php(/|$) {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
}
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/conf/web/%domain%.auth*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain%.conf*;
}

29
install/debian/9/dovecot/conf.d/15-mailboxes.conf Normal file
View file

@ -0,0 +1,29 @@
## Mailbox definitions
##
# NOTE: Assumes "namespace inbox" has been defined in 10-mail.conf.
namespace inbox {
mailbox Drafts {
special_use = \Drafts
auto = subscribe
}
mailbox Junk {
special_use = \Junk
auto = subscribe
}
mailbox Trash {
special_use = \Trash
auto = subscribe
}
mailbox Sent {
special_use = \Sent
auto = subscribe
}
mailbox "Sent Messages" {
special_use = \Sent
}
}

7
install/debian/9/pma/config.inc.php
View file

@ -137,6 +137,13 @@ if (!empty($dbname)) {
$cfg['UploadDir'] = ''; $cfg['UploadDir'] = '';
$cfg['SaveDir'] = ''; $cfg['SaveDir'] = '';
/*
* Temp dir for faster beahivour
*
*/
$cfg['TempDir'] = '/tmp';
/* Support additional configurations */ /* Support additional configurations */
foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename) foreach (glob('/etc/phpmyadmin/conf.d/*.php') as $filename)
{ {

2
install/debian/9/templates/web/apache2/basedir.stpl
View file

@ -15,7 +15,7 @@
AllowOverride All AllowOverride All
SSLRequireSSL SSLRequireSSL
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"

2
install/debian/9/templates/web/apache2/hosting.stpl
View file

@ -22,7 +22,7 @@
php_admin_flag mysql.allow_persistent off php_admin_flag mysql.allow_persistent off
php_admin_flag safe_mode off php_admin_flag safe_mode off
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%" php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -f info@%domain_idn%"
php_admin_value open_basedir %docroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpMyAdmin:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcubemail:/etc/roundcube:/var/lib/roundcube
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
</Directory> </Directory>

2
install/debian/9/templates/web/apache2/phpcgi.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
Action phpcgi-script /cgi-bin/php Action phpcgi-script /cgi-bin/php

2
install/debian/9/templates/web/apache2/phpfcgid.stpl
View file

@ -15,7 +15,7 @@
SSLRequireSSL SSLRequireSSL
AllowOverride All AllowOverride All
Options +Includes -Indexes +ExecCGI Options +Includes -Indexes +ExecCGI
php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp
php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp
php_admin_value session.save_path %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp
<Files *.php> <Files *.php>

3
install/debian/9/templates/web/nginx/caching.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

3
install/debian/9/templates/web/nginx/default.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

5
install/debian/9/templates/web/nginx/hosting.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port%; listen %ip%:%proxy_ssl_port% ssl;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;
@ -31,7 +30,7 @@ server {
location ~ /\.hg/ {return 404;} location ~ /\.hg/ {return 404;}
location ~ /\.bzr/ {return 404;} location ~ /\.bzr/ {return 404;}
disable_symlinks if_not_owner from=%docroot%; disable_symlinks if_not_owner from=%sdocroot%;
include %home%/%user%/conf/web/snginx.%domain%.conf*; include %home%/%user%/conf/web/snginx.%domain%.conf*;
} }

3
install/debian/9/templates/web/nginx/http2.stpl
View file

@ -1,7 +1,6 @@
server { server {
listen %ip%:%proxy_ssl_port% http2; listen %ip%:%proxy_ssl_port% ssl http2;
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl on;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
error_log /var/log/%web_system%/domains/%domain%.error.log error; error_log /var/log/%web_system%/domains/%domain%.error.log error;

22
install/debian/9/templates/web/nginx/php-fpm/drupal6.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,18 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

22
install/debian/9/templates/web/nginx/php-fpm/drupal6.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,18 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri @rewrite; try_files $uri @rewrite;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +53,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/9/templates/web/nginx/php-fpm/drupal7.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,14 +39,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -68,6 +61,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

18
install/debian/9/templates/web/nginx/php-fpm/drupal7.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,14 +35,7 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string; try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
@ -64,6 +57,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/9/templates/web/nginx/php-fpm/drupal8.stpl
View file

@ -11,6 +11,11 @@ server {
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -22,11 +27,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -39,15 +39,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -68,6 +66,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

17
install/debian/9/templates/web/nginx/php-fpm/drupal8.tpl
View file

@ -7,6 +7,11 @@ server {
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error; error_log /var/log/nginx/domains/%domain%.error.log error;
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location / {
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -18,11 +23,6 @@ server {
access_log off; access_log off;
} }
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ { location ~ \..*/.*\.php$ {
return 403; return 403;
} }
@ -35,15 +35,13 @@ server {
deny all; deny all;
} }
location / {
try_files $uri /index.php?$query_string;
}
location ~ /vendor/.*\.php$ { location ~ /vendor/.*\.php$ {
deny all; deny all;
return 404; return 404;
} }
try_files $uri /index.php?$query_string;
location ~ ^/sites/.*/files/styles/ { location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite; try_files $uri @rewrite;
} }
@ -64,6 +62,7 @@ server {
fastcgi_pass %backend_lsnr%; fastcgi_pass %backend_lsnr%;
include /etc/nginx/fastcgi_params; include /etc/nginx/fastcgi_params;
} }
}
error_page 403 /error/404.html; error_page 403 /error/404.html;
error_page 404 /error/404.html; error_page 404 /error/404.html;

2
install/debian/9/templates/web/nginx/php-fpm/sendy.stpl
View file

@ -3,7 +3,7 @@ server {
server_name %domain_idn% %alias_idn%; server_name %domain_idn% %alias_idn%;
ssl_certificate %ssl_pem%; ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%; ssl_certificate_key %ssl_key%;
root %docroot%; root %sdocroot%;
index index.php index.html index.htm; index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined; access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes; access_log /var/log/nginx/domains/%domain%.bytes bytes;

105
install/debian/9/templates/web/nginx/php-fpm/vbulletin5.stpl Normal file
View file

@ -0,0 +1,105 @@
server {
listen %ip%:%web_ssl_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
ssl on;
ssl_certificate %ssl_pem%;
ssl_certificate_key %ssl_key%;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# legacy css being handled separate for performance
location = /css\.php {
rewrite ^ /core/css.php break;
}
# make install available from presentation
location ^~ /install {
rewrite ^/install/ /core/install/ break;
}
# any request to not existing item gets redirected through routestring
location / {
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php?routestring=$1 last;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
}
# make admincp available from presentation
location ^~ /admincp {
if (!-f $request_filename) {
rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last;
}
}
# process any php scripts, not found gets redirected through routestring
location ~ \.php$ {
# handles legacy scripts
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php?routestring=$1 break;
}
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 32k;
fastcgi_temp_file_write_size 256k;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/web/%domain%/stats/auth.conf*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}

100
install/debian/9/templates/web/nginx/php-fpm/vbulletin5.tpl Normal file
View file

@ -0,0 +1,100 @@
server {
listen %ip%:%web_port%;
server_name %domain_idn% %alias_idn%;
root %docroot%;
index index.php index.html index.htm;
access_log /var/log/nginx/domains/%domain%.log combined;
access_log /var/log/nginx/domains/%domain%.bytes bytes;
error_log /var/log/nginx/domains/%domain%.error.log error;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# legacy css being handled separate for performance
location = /css\.php {
rewrite ^ /core/css.php break;
}
# make install available from presentation
location ^~ /install {
rewrite ^/install/ /core/install/ break;
}
# any request to not existing item gets redirected through routestring
location / {
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php?routestring=$1 last;
}
location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ {
expires max;
}
}
# make admincp available from presentation
location ^~ /admincp {
if (!-f $request_filename) {
rewrite ^/admincp/(.*)$ /index.php?routestring=admincp/$1 last;
}
}
# process any php scripts, not found gets redirected through routestring
location ~ \.php$ {
# handles legacy scripts
if (!-f $request_filename) {
rewrite ^/(.*)$ /index.php?routestring=$1 break;
}
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_pass %backend_lsnr%;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_intercept_errors on;
fastcgi_ignore_client_abort off;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffers 256 16k;
fastcgi_buffer_size 32k;
fastcgi_temp_file_write_size 256k;
include /etc/nginx/fastcgi_params;
}
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
location /error/ {
alias %home%/%user%/web/%domain%/document_errors/;
}
location ~* "/\.(htaccess|htpasswd)$" {
deny all;
return 404;
}
location /vstats/ {
alias %home%/%user%/web/%domain%/stats/;
include %home%/%user%/web/%domain%/stats/auth.conf*;
}
include /etc/nginx/conf.d/phpmyadmin.inc*;
include /etc/nginx/conf.d/phppgadmin.inc*;
include /etc/nginx/conf.d/webmail.inc*;
include %home%/%user%/conf/web/nginx.%domain_idn%.conf*;
}

Some files were not shown because too many files have changed in this diff Show more