diff --git a/.gitignore b/.gitignore index 6701a887..fe0574ad 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,6 @@ *.gz .vscode .DS_Store +data +conf +log \ No newline at end of file diff --git a/Changelog.md b/Changelog.md index 87f48b62..36478469 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,3 +1,43 @@ +Version 0.9.9-0-12 [28-Feb-2025] +================================================== +* SpamHaus DNSBL removed from exim4 +* A lot of small bugs fixed + +Version 0.9.9-0-11 [30-May-2024] +================================================== +* Introducing v-run-wp-cli command ( @isscbta ) +* Introducing v-add-wordpress-admin command ( @isscbta ) +* Few bugs fixed + +Version 0.9.9-0-10 [11-Apr-2024] +================================================== +* Introducing v-edit-php-ini command ( @isscbta ) +* Introducing v-edit-domain-php-ini command ( @isscbta ) + +Version 0.9.9-0-9 [05-Apr-2024] +================================================== +* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) +* Few bugs fixed + +Version 0.9.9-0-5 to 0.9.9-0-8 +================================================== +* Few bugs fixed + +Version 0.9.9-0-4 [27-Jun-2023] +================================================== +* Support for Debian 12 ( in mutual cooperation with @HestiaCP ) + +Version 0.9.9-0-2 [12-Jun-2023] +================================================== +* Hosting panel UI perfomance fix + +Version 0.9.9-0 [05-Jun-2023] +================================================== +* Redesign of hosting panel +* Fix for WP_CACHE_KEY_SALTs in v-clone-website command +* Fix for "Helo name contains a ip address" in Exim4 +* Fix for Exim4 for punycode domains (in collaboration with @HestiaCP ) + Version 0.9.8-26-62 [05-Apr-2023] ================================================== * Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP ) diff --git a/README.md b/README.md index c34d496b..a2e7a3de 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,95 @@ -myVesta -================================================== -Visit our homepage: -- https://www.myvestacp.com/ +

myVesta

-Forum: -- https://forum.myvestacp.com/ +
+ +[![Screenshot of myVesta](https://www.myvestacp.com/screenshot1.png)](https://www.myvestacp.com/) + +
+ +

About

+ +

myVesta is a security and stability-focused fork of VestaCP, exclusively supporting Debian in order to maintain a streamlined ecosystem. Boasting a clean, clutter-free interface and the latest innovative technologies, our project is committed to staying synchronized with official VestaCP commits. We work independently to enhance security and develop new features, driven by our passion for contributing to the open-source community rather than monetary gain. As such, we will offer all features built for myVesta to the official VestaCP project through pull requests, without interfering with their development milestones.

+ +

View Changelog +

+ +

Links

+ + +

Features of myVesta

+ + +

How to install

+Download the installation script: + +```shell +curl -O http://c.myvestacp.com/vst-install-debian.sh +``` + +Then run it: + +```shell +bash vst-install-debian.sh +``` + +Or use our installer generator. + +

Useful scripts

+ + + +

Licence

+myVesta is licensed under GPL v3 license. -Knowledge base: -- https://wiki.myvestacp.com/ -Changelog: -- https://github.com/myvesta/vesta/blob/master/Changelog.md diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index bd4145cc..8b562c9b 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -75,18 +75,20 @@ fi # Changing Proxy Template # Check if the proxy template is already set correctly current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') -if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then echo "Proxy Template is already set up correctly" else # Prompt the user to choose whether to force HTTPS or not - echo "Do you want to force-https in your Proxy Template or not (y/n):" + echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" read answer # Change the proxy template based on the user's choice - if [ "$answer" == "y" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" - else + if [ "$answer" == "h" ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" + elif [ "$answer" == "f" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" + elif [ "$answer" == "w" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" fi echo "Proxy Template is ready" @@ -126,7 +128,7 @@ else chown $user:$user /home/$user/web/$domain/cron.log case $fpm_ver in - 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" ;; esac diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index a1eed13e..80143132 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,6 +72,13 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block.conf + systemctl reload nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index 6fb867d3..b815778b 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,6 +83,16 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + touch /etc/nginx/conf.d/block-firewall.conf + if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then + echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi + fi +fi + #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 7a306ab3..a7c7fbb8 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -21,6 +21,8 @@ if [[ "$LE_STAGING" = 'yes' ]]; then API='https://acme-staging-v02.api.letsencrypt.org' fi +deb_release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -60,7 +62,11 @@ query_le_v2() { # Save http response to file passed as "$4" arg or print to stdout if not provided # http response headers are always sent to stdout local save_to_file=${4:-"/dev/stdout"} - curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + if [ "$deb_release" -gt 8 ]; then + curl --location --user-agent "myVesta" --insecure --retry 5 --retry-connrefused --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + else + curl --location --user-agent "myVesta" --insecure --retry 5 --silent --dump-header /dev/stdout --data "$post_data" "$1" --header "$content" --output "$save_to_file" + fi } @@ -148,6 +154,11 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' +# validation='pending' +# # Start counter to avoid infinite loop +# i=0 +# while [ "$validation" = 'pending' ]; do +# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") @@ -162,10 +173,19 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log +validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') +echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi +# # Exit the loop after 5 attempts +# i=$((i + 1)) +# if [ $i -gt 5 ]; then +# break +# fi +# sleep 2 +# done # Requesting authorization token / STEP 3 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log @@ -270,19 +290,35 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log - payload='{}' - echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log - answer=$(query_le_v2 "$url" "$payload" "$nonce") - echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log - url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") - echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') - echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + i=0 + while true; do + echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log + if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then + break + fi + if [ "$wildcard" = 'yes' ]; then + if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then + break + fi + fi + i=$((i + 1)) + if ((i > 30)); then + break + fi + sleep 2 + done if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim new file mode 100644 index 00000000..4b7789ea --- /dev/null +++ b/bin/v-add-srs-support-to-exim @@ -0,0 +1,77 @@ +#!/bin/bash + +gen_pass() { + MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi + while [ ${n:=1} -le $LENGTH ]; do + PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" + let n+=1 + done + echo "$PASS" +} + +eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') +if (( $(echo "$eximversion < 4.96" | bc -l) )); then + echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." + echo "You have Exim $eximversion" + exit 1; +fi + +echo "=== Addind SRS support to Exim4 ===" +# SRS support is taken from HestiaCP + +if [ ! -f "/etc/exim4/srs.conf" ]; then + echo "= Generating SRS KEY" + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf +fi + +if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then + echo "= Backing up /etc/exim4/exim4.conf.template" + cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs +fi + +if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" + v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Patching \"dnslookup:\" block" + /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' +fi + +if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" + v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' +fi + +if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then + echo "= Adding \"remote_forwarded_smtp:\" block" + v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' +fi + +touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_email_account_max_recipients +touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour +touch /etc/exim4/limit_per_hosting_account_max_recipients + +echo "= Restarting exim4 service" +systemctl restart exim4 + +if [ $? -ne 0 ]; then + systemctl status exim4 + cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template + systemctl restart exim4 + echo "=== Patching failed, old exim conf returned, exim4 restarted again." + exit 1 +fi +echo "=== SRS support was added successfully. ===" + +exit 0 diff --git a/bin/v-add-user-package b/bin/v-add-user-package index 0cab1a3d..e9fe210a 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - source $pkg_dir/$package.pkg + parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,6 +63,9 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin new file mode 100644 index 00000000..67f58bf4 --- /dev/null +++ b/bin/v-add-wordpress-admin @@ -0,0 +1,86 @@ +#!/bin/bash +# info: Add a WordPress admin user to a specific domain +# options: DOMAIN USERNAME PASSWORD EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +if [ "$#" -lt 4 ]; then + echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +username=$2 +password=$3 +email=$4 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER /usr/bin/php$phpver /usr/local/bin/wp user create $username $email --role=administrator --user_pass="$password" --skip-plugins=$(sudo -H -u$USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-backup-user b/bin/v-backup-user index 0db5d376..f6629c9e 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,6 +22,9 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf +if [ ! -z "$NOW" ]; then + BACKUP_LA_LIMIT=50 +fi #----------------------------------------------------------# # Verifications # diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now new file mode 100644 index 00000000..10eecd87 --- /dev/null +++ b/bin/v-backup-user-now @@ -0,0 +1,6 @@ +#!/bin/bash + +export ALLOW_BACKUP_ANYTIME='yes' +export NOW='yes' + +nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 diff --git a/bin/v-backup-users b/bin/v-backup-users index 16a93d6d..05550ded 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -37,7 +37,7 @@ fi log=$VESTA/log/backup.log -$BIN/v-check-vesta-license >/dev/null +# $BIN/v-check-vesta-license >/dev/null touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account new file mode 100644 index 00000000..59ec9cf8 --- /dev/null +++ b/bin/v-blacklist-email-account @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Add a specific email address to exim4 and spamassassin blacklist +# usage: v-blacklist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-blacklist-email EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Prepare entries for Exim4 and SpamAssassin +EXIM_ENTRY="$EMAIL" +SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then + add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain new file mode 100644 index 00000000..a72a17a9 --- /dev/null +++ b/bin/v-blacklist-email-domain @@ -0,0 +1,133 @@ +#!/bin/bash +# info: Add a domain to exim4 and spamassassin blacklist +# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +DENY_SENDERS_FILE="/etc/exim4/deny_senders" +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a domain already exists in a file +check_domain_exists() { + local domain=$1 + local file=$2 + grep -qE "^${domain}$" "$file" +} + +# Function to check if a SpamAssassin entry already exists +check_spamassassin_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to add domain to file +add_domain_to_file() { + local domain=$1 + local file=$2 + echo "$domain" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for Exim4 +EXIM_ENTRY_MAIN="$DOMAIN" +EXIM_ENTRY_SUB="*.$DOMAIN" + +# Prepare entries for SpamAssassin +SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" +SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" + +#----------------------------------------------------------# +# Exim4 Blacklist # +#----------------------------------------------------------# + +echo "Updating $DENY_SENDERS_FILE..." +if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." +else + echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then + add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" + echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." + else + echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." + fi +fi + +#----------------------------------------------------------# +# SpamAssassin Blacklist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." +if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress new file mode 100644 index 00000000..1a364307 --- /dev/null +++ b/bin/v-change-database-password-for-all-wordpress @@ -0,0 +1,65 @@ +#!/bin/bash +# info: change db password to all wordpress databases +# options: +# +# The command is used for changing db password to all wordpress databases on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +only_user=''; +if [ ! -z "$1" ]; then + only_user=$1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +touch /root/remember-db-user-pass.txt + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + if [ ! -z "$only_user" ]; then + if [ "$only_user" != "$user" ]; then + continue; + fi + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user + echo "--------------------------------" + fi + done + + if [ ! -z "$only_user" ]; then + break; + fi + +done + +# cat /root/remember-db-user-pass.txt +if [ -f "/root/remember-db-user-pass.txt" ]; then + rm /root/remember-db-user-pass.txt +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress new file mode 100644 index 00000000..7f31b181 --- /dev/null +++ b/bin/v-change-database-password-for-wordpress @@ -0,0 +1,132 @@ +#!/bin/bash +# info: change database password for wordpress +# options: +# +# The command is used for changing database password for wordpress. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +if [ -z "$user" ]; then + echo "ERROR: Domain $domain not found" + exit 1; +fi + +if [ ! -d "/home/$user" ]; then + echo "ERROR: User $user doesn't exist"; + exit 1; +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "ERROR: Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo "=== Domain: $domain" + wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" + if grep -q $'\r' $wp_config_path; then + echo "=== removing CRLF from wp-config.php" + tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path + chown $user:$user $wp_config_path + fi + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") + if [ -z "$db_name" ]; then + db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") + fi + if [ -z "$db_user" ]; then + db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") + fi + new_password='' + found_existing_password=0 + if [ -f "/root/remember-db-user-pass.txt" ]; then + db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) + if [ -n "$db_user_pass" ]; then + new_password=$(echo "$db_user_pass" | cut -d':' -f2) + echo "= Using existing password for $db_user" + found_existing_password=1 + fi + fi + + if [ -z "$new_password" ]; then + new_password=$(generate_password) + fi + + echo "DB name: $db_name" + echo "DB user: $db_user" + echo "New DB password: $new_password" + if [ $found_existing_password -eq 0 ]; then + touch /root/remember-db-user-pass.txt + echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt + chown root:root /root/remember-db-user-pass.txt + chmod 600 /root/remember-db-user-pass.txt + fi + /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" + if [ $? -ne 0 ]; then + echo "*************** ERROR: Failed to change database password ***************" + exit 1; + fi + line="define('DB_PASSWORD', '$new_password');" + chattr -i $wp_config_path + sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path + new_password_line=$(grep "DB_PASSWORD" $wp_config_path) + echo "New DB password line: $new_password_line" + if [ "$new_password_line" != "$line" ]; then + echo "*************** ERROR: line in wp-config.php is not what we expected ***************" + echo "Expected: $line" + echo "Actual : $new_password_line" + echo "*************** ERROR: Please check wp-config.php manually ***************" + exit 1; + fi +else + echo "ERROR: WP-config.php not found" + exit 1; +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit 0; diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www new file mode 100644 index 00000000..1f230099 --- /dev/null +++ b/bin/v-change-dir-www @@ -0,0 +1,71 @@ +#!/bin/bash +# info: Change directory to the public_html folder of a domain +# usage: source v-cd-www DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then + echo "This script must be sourced to change the current directory." + echo "Usage: source v-cd-www DOMAIN" + exit 1 +fi + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + return 1 +fi + +# Importing system environment +source /etc/profile +PATH=$PATH:/usr/local/vesta/bin && export PATH + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) + +if [ -z "$user" ]; then + echo "Domain $domain doesn't exist" + return 1 +fi + +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User $user doesn't exist" + return 1 +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain $domain doesn't have a public_html directory" + return 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "/home/$user/web/$domain/public_html" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +return 0 diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index 8f267307..ed5fa5a4 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -35,6 +35,9 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user #----------------------------------------------------------# # Action # @@ -57,11 +60,11 @@ if [ ! -z "$web_data" ]; then ssl_key=$VESTA/data/users/$owner/ssl/$domain.key ssl_ca=$VESTA/data/users/$owner/ssl/$domain.ca ssl_pem=$VESTA/data/users/$owner/ssl/$domain.pem - mv $ssl_crt $VESTA/data/users/$user/ssl/ - mv $ssl_key $VESTA/data/users/$user/ssl/ - mv $ssl_ca $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - mv $ssl_pem $VESTA/data/users/$user/ssl/ >> /dev/null 2>&1 - rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + cp $ssl_crt $VESTA/data/users/$user/ssl/ + cp $ssl_key $VESTA/data/users/$user/ssl/ + cp $ssl_ca $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + cp $ssl_pem $VESTA/data/users/$user/ssl/ > /dev/null 2>&1 + # rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* fi # Check ftp user account @@ -79,10 +82,23 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ + if [ -d "/hdd/home/$owner/web/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain + fi + # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; + if [ "$SSL" = 'yes' ]; then + sleep 10 + rm $ssl_crt + rm $ssl_key + rm $ssl_ca > /dev/null 2>&1 + rm $ssl_pem > /dev/null 2>&1 + rm -f $HOMEDIR/$owner/conf/web/ssl.$domain.* + fi + # Rebuild config $BIN/v-unsuspend-web-domain $user $domain no >> /dev/null 2>&1 $BIN/v-rebuild-web-domains $owner no @@ -140,6 +156,10 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ + if [ -d "/hdd/home/$owner/mail/$domain" ]; then + $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain + fi + # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index d2502bce..aad2ec38 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,6 +62,8 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -74,6 +76,14 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then + NEWIP=$ip + parse_object_kv_list_non_eval "$oldvalues" + sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-user-package b/bin/v-change-user-package index d0de98db..1e088bcc 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,6 +16,7 @@ force=$3 # Includes source $VESTA/func/main.sh +source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -23,7 +24,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - eval ${key%%=*}=${key#*=} + parse_object_kv_list_non_eval $key done WEB_DOMAINS='0' @@ -35,7 +36,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - eval $pkg_data + parse_object_kv_list_non_eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -73,11 +74,15 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi + + is_web_template_valid $WEB_TEMPLATE + is_dns_template_valid $DNS_TEMPLATE + is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { - eval $(cat $USER_DATA/user.conf) - eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) + parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' diff --git a/bin/v-change-vesta-port b/bin/v-change-vesta-port index 3f386654..7ea7827e 100755 --- a/bin/v-change-vesta-port +++ b/bin/v-change-vesta-port @@ -41,6 +41,7 @@ is_int_format_valid "$port" 'port number' #----------------------------------------------------------# sed -i "s|$oldport;|$port;|g" $VESTA/nginx/conf/nginx.conf +sed -i "s|$oldport ssl;|$port ssl;|g" $VESTA/nginx/conf/nginx.conf if [ -f "/etc/roundcube/plugins/password/config.inc.php" ]; then sed -i "s|'$oldport'|'$port'|g" /etc/roundcube/plugins/password/config.inc.php fi diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords new file mode 100644 index 00000000..6ab4ad0e --- /dev/null +++ b/bin/v-change-wordpress-admin-passwords @@ -0,0 +1,195 @@ +#!/bin/bash +# info: interactively delete or change WordPress admin passwords for a given domain +# options: DOMAIN +# +# d → delete user (with content reassignment) +# c → change password (random 10-char alnum) +# s → skip +# x → exit + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +# random 10-char password +gen_pass() { tr -dc 'A-Za-z0-9' > /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + else + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + echo "Failed to change password for $TARGET." + fi + break + ;; + [Ss]* ) + echo "Skipping $TARGET." + break + ;; + [Xx]* ) + echo "Exiting." + exit 0 + ;; + * ) echo "Please answer d, c, s, or x." ;; + esac + done +done <<< "$ADMIN_LIST_CSV" + +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo + read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty + if [ -z "$SAVE_PASSWORDS" ]; then + SAVE_PASSWORDS="n" + fi + if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then + rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + fi +fi + +#----------------------------------------------------------# +# flush cache and refresh all security salts # +#----------------------------------------------------------# + +echo "-------------------------------------" +echo +echo "Flushing cache and refreshing salts..." + +RUN="$WP_RUN cache flush" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" +eval "$RUN" +RUN="$WP_RUN config shuffle-salts" +eval "$RUN" + +echo "Cache flushed and salts refreshed." + +echo +echo "Done." + +if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then + echo "-------------------------------------" + echo "For website $DOMAIN - new wp-admin passwords have been set." + echo "-------------------------------------" + cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt + echo "-------------------------------------" + echo "" + read -r -p "== Press Enter to continue..." +fi + +exit 0 diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 72e8560e..11e29122 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -14,6 +14,10 @@ if [ "$whoami" != "root" ]; then exit 1 fi +echo "===== Before cleaning =====" +df -h +echo "===========================" + # Includes source /usr/local/vesta/func/main.sh @@ -21,6 +25,15 @@ source /usr/local/vesta/func/main.sh # Action # #----------------------------------------------------------# +# turn off tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') +fi + +find /tmp/ -type f -mtime +7 -delete rm /var/backups/* > /dev/null 2>&1 rm /var/cache/apt/archives/* > /dev/null 2>&1 cd /var/log @@ -37,13 +50,18 @@ find /var/log/ -type f -name "*.4" -delete find /var/log/ -type f -name "*.5" -delete find /var/log/ -type f -name "*.6" -delete find /var/log/ -type f -name "*.7" -delete +find /var/log/ -type f -name "*.8" -delete +find /var/log/ -type f -name "*.9" -delete find /var/log/ -name "*.gz" -type f -delete find /usr/local/vesta/log/ -type f -name "*.log" -exec truncate -s 0 {} \; find /usr/local/vesta/log/ -type f -not -name "*.log" -delete find /var/log/exim4/ -type f -exec truncate -s 0 {} \; +truncate -s 0 /*.log > /dev/null 2>&1 +rm /panic-*.log > /dev/null 2>&1 +rm /var/log/panic-*.log > /dev/null 2>&1 clean_home() { - nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -delete > /dev/null 2>&1 find $1/ -name '.wp-cli' -type d -exec rm -rf {} \; > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/aiowps_backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/envato-backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 @@ -51,7 +69,10 @@ clean_home() { find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 + find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 + nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log.txt" -exec truncate -s 0 {} \; nice -n 19 ionice -c 3 find $1/ -type f -name "*.log" -exec truncate -s 0 {} \; @@ -69,16 +90,43 @@ if [ $fail2ban_running -eq 1 ]; then fi if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + systemctl restart nginx + fi + fi fi if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban fi +# turn on tailf watcher process +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log 2>&1 & +fi +if [ -f "/usr/local/bin/tailf_exim.php" ]; then + nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & +fi + +exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') +if [ $exim_installed -gt 0 ]; then + systemctl restart exim4 +fi + + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -echo "=== Garbage cleaned ===" +echo "" +echo "***** Garbage cleaned *****" +echo "" +echo "===== After cleaning ======" +df -h +echo "===========================" + log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban new file mode 100644 index 00000000..ab3ab30c --- /dev/null +++ b/bin/v-clear-fail2ban @@ -0,0 +1,59 @@ +#!/bin/bash +# info: Clean fail2ban database +# options: NONE +# +# The function is cleaning fail2ban database + +#----------------------------------------------------------# +# Verifications & Variable & Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# check if fail2ban is installed +fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') +if [ $fail2ban_installed -eq 0 ]; then + echo "Fail2ban is not installed" + exit 1 +fi + +# Includes +source /usr/local/vesta/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Cleaning fail2ban database +fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') +if [ $fail2ban_running -eq 1 ]; then + echo "== Stopping fail2ban" + systemctl stop fail2ban +fi +if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then + echo "== Cleaning fail2ban database" + rm /var/lib/fail2ban/fail2ban.sqlite3 + if [ -f "/etc/nginx/conf.d/block.conf" ]; then + echo "== Cleaning nginx block.conf" + truncate -s 0 /etc/nginx/conf.d/block.conf + nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') + if [ $nginx_running -eq 1 ]; then + echo "== Restarting nginx" + systemctl restart nginx + fi + fi +fi +if [ $fail2ban_running -eq 1 ]; then + echo "== Starting fail2ban" + systemctl start fail2ban +fi + +echo "== Done, fail2ban database cleaned" + +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-clone-website b/bin/v-clone-website index df98c6db..0258e39a 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -20,6 +20,7 @@ if [ $# -lt 2 ]; then echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." echo "--SITE_SUBFOLDER=..." + echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi @@ -313,6 +314,7 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" +echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -370,17 +372,25 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql +rm $FROM_DATABASE_NAME.sql + +EXCLUDE='' +if [ ! -z "$EXCLUDE_UPLOADS" ]; then + EXCLUDE="--exclude '/wp-content/uploads/*'" +fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" if [ "$SITE_SUBFOLDER" != ".." ]; then - echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run else - echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" - rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/ + run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + echo "====== Executing: $run" + eval $run fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER @@ -419,21 +429,37 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$TO_DOMAIN") cd $TO_FOLDER - if [ -d "wp-content/plugins/w3-total-cache" ]; then - rm -f wp-content/object-cache.php - rm -f wp-content/db.php - rm -f wp-content/advanced-cache.php - rm -rf wp-content/w3tc-config - rm -rf wp-content/plugins/w3-total-cache - fi echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + fi + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp cache flush --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; + sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp config shuffle-salts --skip-plugins=$(sudo -H -u$TO_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; +fi + +# ----------- Update Wordfence WAF Path ------------- + +# Path to .user.ini file in the new domain directory +user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" + +# Check if .user.ini exists +if [ -f "$user_ini" ]; then + echo "Updating .user.ini with new path..." + + # Change path from old domain to new domain + sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini + + # Check if replacement was successful and update .user.ini + if [ $? -eq 0 ]; then + echo ".user.ini updated successfully." + else + echo "Failed to update .user.ini file." fi - sudo -H -u$TO_USER wp cache flush fi echo "===== DONE ====" diff --git a/bin/v-commander b/bin/v-commander index 06a5f737..f04b3a17 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -13,11 +13,14 @@ fi source /etc/profile PATH=$PATH:/usr/local/vesta/bin && export PATH -echo "======================= mvVesta-commander ================================" +if [ $SHOWHEADER -eq 1 ]; then + echo "======================= mvVesta-commander ================================" +fi if [ -f /root/kernelupdate ]; then rm /root/kernelupdate fi +apt_updated=0 apt_upgraded=0 quit_on_empty=0 @@ -60,34 +63,36 @@ check_status() { myhelp() { echo "---------- Press: -----------" - echo "u = apt-get update" - echo "g = apt-get upgrade" + echo "a = Activate Email rate limit" + echo "b = bash" echo "c = check status" + echo "d = df -h" echo "e = make sure Apache is in mpm_event" - echo "s = download sury.org apt-get key" + echo "f = free -h" + echo "g = apt-get upgrade" + echo "h = help" echo "m = install php-memcached" echo "p = set version of php as default" + echo "q = quit" + echo "r = reboot" + echo "s = download sury.org apt-get key" + echo "t = clean the trash" + echo "u = apt-get update" echo "v = update myVesta" echo "vo = update myVesta without 'apt-get update'" - echo "t = clean the trash" echo "w = w" - echo "d = df -h" - echo "f = free -h" - echo "b = bash" - echo "r = reboot" - echo "q = quit" - echo "h = help" echo "-----------------------------" - echo "inst v = install myVesta" - echo "inst p = install multi-php" - echo "inst pgw = install php-gate" - echo "inst r = install new Roundcube" - echo "inst memcached = install memcached" - echo "inst redis = install Redis" + echo "inst v = install myVesta" + echo "inst p = install multi-php" + echo "inst pgw = install php-gate" + echo "inst r = install new Roundcube" + echo "inst memcached = install memcached" + echo "inst redis = install Redis" + echo "inst nginx-rate-limit = install nginx-rate-limit templates" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" - echo "dis spam = stop and disable spam" - echo "dis clam = stop and disable clamav" + echo "dis spam = stop and disable spamassassin" + echo "dis clam = stop and disable ClamAV" echo "p 7.0 = set default php 7.0" echo "p 7.3 = set default php 7.3" echo "p 7.4 = set default php 7.4" @@ -96,20 +101,38 @@ myhelp() { echo "m def = install php-memcached if needed" echo "check fc = check if FreshClam is up" echo "-----------------------------" - echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH" + echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" echo "-----------------------------" } +apt_update() { + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi + apt_updated=1 +} + COUNTER=0 +HAS_PARAMETERS=0 while true do COUNTER=$((COUNTER + 1)) if [ $COUNTER -le $numargs ]; then + HAS_PARAMETERS=1 answer=$1 shift else + if [ $HAS_PARAMETERS -eq 1 ]; then + exit; + fi read -p 'What to do: ' answer fi @@ -126,17 +149,42 @@ do if [ "$answer" = 'quit-on-empty' ]; then echo "== the script will quit on next enter" quit_on_empty=1 + HAS_PARAMETERS=0 fi + + if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then + mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients + + check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template + fi + + check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) + if [ "$check_grep" -eq 0 ]; then + sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template + fi + + systemctl restart exim4 + echo "Email rate limit activated." + fi + + + if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then - echo "=============================" - echo "== running: apt-get update" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 10 ]; then - apt-get update - else - apt-get update --allow-releaseinfo-change - fi + apt_update fi if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then @@ -241,8 +289,14 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" - systemctl stop spamassassin.service - systemctl disable spamassassin.service + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 12 ]; then + systemctl stop spamassassin.service + systemctl disable spamassassin.service + else + systemctl stop spamd.service + systemctl disable spamd.service + fi sed -i "s/^SPAMASSASSIN =/#SPAMASSASSIN =/g" /etc/exim4/exim4.conf.template sed -i "s/^SPAM_SCORE =/#SPAM_SCORE =/g" /etc/exim4/exim4.conf.template @@ -354,32 +408,13 @@ do echo "=============================" echo "== cleaning trash" df -m - ps -Af | grep tailf | grep -v "grep tailf" - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - kill $(ps aux | grep 'tailf_exim' | grep -v "grep tailf_exim" | awk '{print $2}') - fi echo "------" ps -Af | grep tailf | grep -v "grep tailf" echo "------" - sleep 2 - truncate -s 0 /*.log - rm /panic-*.log - rm /var/log/panic-*.log /usr/local/vesta/bin/v-clean-garbage - sleep 2 - if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & - fi - if [ -f "/usr/local/bin/tailf_exim.php" ]; then - nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log & - fi echo "--------------" df -m echo "--------------" - sleep 2 ps -Af | grep tailf | grep -v "grep tailf" fi @@ -438,8 +473,8 @@ do memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) apt-get update apt-get -y install memcached - apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") - apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") + apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") if [ $memory -lt 15000000 ]; then sed -i "s/-m 64/-m 256/" /etc/memcached.conf else @@ -460,6 +495,7 @@ do sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf sed -i "s|^save |# save |g" /etc/redis/redis.conf + sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf if [ $memory -lt 15000000 ]; then sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf else @@ -472,6 +508,15 @@ do echo "-------------------" fi + if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then + echo "=============================" + echo "== Installing inst nginx-rate-limit templates" + curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh + bash install_rate_limit_tpl.sh + echo "== nginx-rate-limit templates installed." + echo "-------------------" + fi + if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then echo "== Checking if FreshClam is up" clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running') @@ -490,21 +535,13 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" - adminline=$(grep '^admin:' /etc/shadow) - adminline=${adminline:6} - adminline="root:$adminline" - sed -i "s#^root:.*#$adminline#" /etc/shadow - echo "root password is now the same as admin password." - echo "--------------------" - grep '^root:' /etc/shadow - grep '^admin:' /etc/shadow - echo "--------------------" echo "Port 22 opened in Firewall for all IP addresses." /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" echo "--------------------" + echo "Type 'passwd' in the terminal to set the root password." + echo "--------------------" fi - if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then echo "=============================" echo "== Rebooting the server" @@ -554,4 +591,13 @@ do /root/install-new-roundcube.sh fi + if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then + if [ ! -f "/root/.ssh/id_rsa.pub" ]; then + ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null + fi + echo "=== YOUR id_rsa.pub IS BELOW ===" + cat /root/.ssh/id_rsa.pub + echo "======" + fi + done diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain new file mode 100644 index 00000000..30fd18c0 --- /dev/null +++ b/bin/v-delete-database-of-domain @@ -0,0 +1,69 @@ +#!/bin/bash +# info: delete database if domain has database +# options: DOMAIN +# +# The function for deleting database if domain has database + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +RET=$OK + +# echo "=================================" +r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) +# echo $r +eval $r +# echo "=================================" + +if [ ! -z "$DATABASE_NAME" ]; then + echo "=== v-delete-database $USER $DATABASE_NAME" + /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME + if [ $? -ne 0 ]; then + echo "=== v-delete-database failed" + RET=$E_NOTEXIST + fi +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +log_event "$RET" "$ARGUMENTS" + +exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index b6294679..1ca3373b 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain @@ -37,9 +37,10 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then + $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't suspend web" > /dev/null + check_result $? "can't delete web" > /dev/null fi fi @@ -49,7 +50,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't suspend dns" > /dev/null + check_result $? "can't delete dns" > /dev/null fi fi @@ -59,7 +60,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't suspend mail" > /dev/null + check_result $? "can't delete mail" > /dev/null fi fi diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index 52f3403d..cb5b352c 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,6 +53,11 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf +# nginx deny rules conf +if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then + sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf + systemctl reload nginx +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 8f646644..61f7602d 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -34,12 +34,21 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# +oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) + # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall +if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then + parse_object_kv_list_non_eval "$oldvalues" + if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then + sed -i "/$IP/d" /etc/nginx/conf.d/block-firewall.conf + systemctl restart nginx + fi +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes new file mode 100644 index 00000000..e9b1715c --- /dev/null +++ b/bin/v-delete-inactive-wordpress-plugins-and-themes @@ -0,0 +1,165 @@ +#!/bin/bash +# info: delete inactive WordPress plugins and themes +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +# WP-CLI wrapper +if [ ! -z "$PHP" ]; then + WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +else + WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" +fi + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 +echo "Inactive WordPress plugins for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" +PLUGINS_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) + +DEACTIVATED_PLUGINS_LIST_CSV="" + +if [ ! -z "$PLUGINS_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" + fi + done <<< "$PLUGINS_LIST_CSV" +else + echo "No plugins found." +fi + +if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" + file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" + if [ -d "$folder" ] || [ -f "$file" ]; then + destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" + if [ -d "$folder" ]; then + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + elif [ -f "$file" ]; then + source_path="$file" + destination_path="$destination_base_folder/$NAME.php" + fi + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + if [ -f "$destination_path" ]; then + echo "= File $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" + fi + fi + done <<< "$PLUGINS_LIST_CSV" + fi +fi + +echo "" +echo "Inactive WordPress themes for $DOMAIN:" +echo "-------------------------------------" + +RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" +THEMES_LIST_CSV=$(eval "$RUN") +return_code=$? + +if [ $return_code -ne 0 ]; then + echo "WP-CLI error:" + echo "return code: $return_code" + cat /home/$USER/web/$DOMAIN/wp-cli-error.log + exit $return_code +fi + +THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) + +DEACTIVATED_THEMES_LIST_CSV="" + +if [ ! -z "$THEMES_LIST_CSV" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" + DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" + fi + done <<< "$THEMES_LIST_CSV" +else + echo "No themes found." +fi + +if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then + echo "" + read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty + if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do + if [ "$STATUS" = "inactive" ]; then + folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" + if [ -d "$folder" ]; then + destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" + source_path="$folder" + destination_path="$destination_base_folder/$NAME" + mkdir -p $destination_base_folder + chown $USER:$USER $destination_base_folder + mv $source_path $destination_path + if [ -d "$destination_path" ]; then + echo "= Folder $source_path moved to $destination_path" + quarantined=1; + fi + else + echo "=== ERROR: Folder $folder not found - it does not exist?" + fi + fi + done <<< "$THEMES_LIST_CSV" + fi +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All deactivated plugins and themes moved to quarantine." + echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" +else + echo "= No deactivated plugins or themes found." +fi +exit 0; diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index ee727aa9..9be565bb 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,6 +51,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn + if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then + rm -rf /hdd/home/$user/mail/$domain_idn + fi fi # Deleting dkim dns record diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index f11e48d4..7cfbab58 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') + dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done diff --git a/bin/v-delete-mails b/bin/v-delete-mails new file mode 100644 index 00000000..24ac68e5 --- /dev/null +++ b/bin/v-delete-mails @@ -0,0 +1,127 @@ +#!/bin/bash +# info: delete old emails (by mtime) for user/domain/account, with optional scope +# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE +# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) +# trash – clean only Trash/Junk/Spam folders + +# load Vesta functions & config +source "$VESTA/func/main.sh" +source "$VESTA/conf/vesta.conf" + +# read arguments +user="$1" +domain="$2" +account="$3" +mtime="$4" +scope="$5" + +# verify argument count +check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' + +# validate scope +if [[ "$scope" != "all" && "$scope" != "trash" ]]; then + echo "ERROR: SCOPE must be 'all' or 'trash'." + exit 1 +fi + +# validate logical combinations +if [[ "$user" == "all" ]]; then + if [[ "$domain" != "all" || "$account" != "all" ]]; then + echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." + exit 1 + fi +elif [[ "$domain" == "all" && "$account" != "all" ]]; then + echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." + exit 1 +fi + +# build a detailed summary for the warning +declare -a summary_parts +if [[ "$user" == "all" ]]; then + summary_parts+=("all users") +else + summary_parts+=("user '$user'") +fi + +if [[ "$domain" == "all" ]]; then + summary_parts+=("all domains") +else + summary_parts+=("domain '$domain'") +fi + +if [[ "$account" == "all" ]]; then + summary_parts+=("all accounts") +else + summary_parts+=("account '$account'") +fi + +# join with commas +summary=$(printf ", %s" "${summary_parts[@]}") +summary=${summary:2} + +# only warn if any of them is 'all' or if mtime is 'all' +if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then + echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." + read -p "Are you sure? (yes/no): " confirm + [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } +fi + +# function to delete emails +delete_emails() { + local u="$1" d="$2" a="$3" + local maildir="/home/$u/mail/$d/$a" + + [[ ! -d "$maildir" ]] && return + + echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" + + # build find predicates + if [[ "$scope" == "all" ]]; then + folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) + else + folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) + fi + + # assemble and run find + if [[ "$mtime" == "all" ]]; then + find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null + else + find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null + fi +} + +# collect users +if [[ "$user" == "all" ]]; then + users=$(v-list-users plain | awk '{print $1}') +else + users="$user" +fi + +# iterate through users, domains, accounts +for u in $users; do + if [[ "$domain" == "all" ]]; then + domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') + else + domains="$domain" + fi + + for d in $domains; do + if [[ "$account" == "all" ]]; then + accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') + else + accounts="$account" + fi + + for a in $accounts; do + delete_emails "$u" "$d" "$a" + done + done +done + +# restart dovecot to refresh mailbox state +systemctl restart dovecot + +# log the action (status first, then message) +log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" + +exit 0 diff --git a/bin/v-delete-user b/bin/v-delete-user index c452f0a0..cdf809eb 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,6 +94,9 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user +if [ -d "/hdd/home/$user" ]; then + rm -rf /hdd/home/$user +fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index 75399766..e64dd9a7 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -62,36 +62,24 @@ if [ -f "$fpmconf" ]; then rm $fpmconf echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log fi -fpmconf="/etc/php/5.6/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.0/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.1/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.2/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.3/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi -fpmconf="/etc/php/7.4/fpm/pool.d/$domain.conf" -if [ -f "$fpmconf" ]; then - rm $fpmconf - echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log -fi + +for PHPV in /etc/php/*; do + if [ -d "${PHPV}" ]; then + # PHPVER=$(basename ${PHPV}) + POOLD="${PHPV}/fpm/pool.d" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + POOLD="${PHPV}/fpm/pool.d-ioncube" + fpmconf="$POOLD/$domain.conf" + if [ -f "$fpmconf" ]; then + rm $fpmconf + echo "Deleted: $fpmconf" >> /usr/local/vesta/log/system.log + fi + fi +done # Deleting domain from web.conf sed -i "/DOMAIN='$domain'/ d" $USER_DATA/web.conf @@ -142,6 +130,9 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain +if [ -d "/hdd/home/$user/web/$domain" ]; then + rm -rf /hdd/home/$user/web/$domain +fi #----------------------------------------------------------# diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files new file mode 100644 index 00000000..ce72c0c4 --- /dev/null +++ b/bin/v-delete-wordpress-uploads-php-files @@ -0,0 +1,64 @@ +#!/bin/bash +# info: delete PHP files from WordPress uploads folder +# options: DOMAIN + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } +source /etc/profile + +DOMAIN="$1" +[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } + +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } + +WP_PATH="/home/$USER/web/$DOMAIN/public_html" +[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } + +quarantined=0; + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd "$WP_PATH" || exit 1 + +files=$(find wp-content/uploads/ -type f -name "*.php") + +if [ -z "$files" ]; then + echo "= No PHP files found in WordPress uploads folder." + exit 0; +fi + +echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" +echo "-------------------------------------" +echo "$files" +echo "-------------------------------------" + +read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty +if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then + for file in $files; do + source_file="/home/$USER/web/$DOMAIN/public_html/$file" + destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" + destination_folder=$(dirname "$destination_file") + mkdir -p "$destination_folder" + chown $USER:$USER "$destination_folder" + mv "$source_file" "$destination_file" + echo "= File $source_file moved to $destination_file" + quarantined=1; + done + chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" +fi + +echo "" +if [ $quarantined -eq 1 ]; then + echo "= All PHP files moved to quarantine." + echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" +else + echo "= No PHP files found in WordPress uploads folder." +fi + +exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress new file mode 100644 index 00000000..fcdc2f66 --- /dev/null +++ b/bin/v-desinfect-wordpress @@ -0,0 +1,81 @@ +#!/bin/bash +# info: disinfect a WordPress site with several maintenance commands +# options: DOMAIN + +# -------------------------------------------------------- # +# variables and checks # +# -------------------------------------------------------- # + +if [ "$(whoami)" != "root" ]; then + echo "You must be root to run this command." + exit 1 +fi + +# make sure all Vesta helper scripts are reachable +export PATH="/usr/local/vesta/bin:$PATH" +source /etc/profile + +domain="$1" +if [ -z "$domain" ]; then + echo "Usage: v-desinfect-wp DOMAIN" + exit 1 +fi + +user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") +if [ -z "$user" ]; then + echo "Domain $domain does not exist." + exit 1 +fi + +# absolute paths to maintenance scripts, in desired order +declare -a tasks=( + "/usr/local/vesta/bin/v-change-database-password-for-wordpress" + "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" + "/usr/local/vesta/bin/v-fix-wordpress-core" + "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" + "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" + "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" + "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" +) + +# -------------------------------------------------------- # +# execution strategy # +# -------------------------------------------------------- # + +echo +read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty + +if [[ "$run_all" =~ ^[Yy]$ ]]; then + echo "Running all maintenance steps for $domain" + automatic=true +else + echo + echo "Selective mode. You will be asked for each step." + automatic=false +fi + +for cmd in "${tasks[@]}"; do + if [ ! -x "$cmd" ]; then + echo "Command $cmd not found or not executable, skipping." + continue + fi + + if [ "$automatic" = false ]; then + while true; do + read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty + case "$yn" in + [Yy]* ) break ;; + [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; + * ) echo "Please answer y or n." ;; + esac + done + fi + + echo + echo "=== $(basename "$cmd") $domain ===" + "$cmd" "$domain" +done + +echo +echo "Done." +exit 0 diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini new file mode 100644 index 00000000..9eadfcee --- /dev/null +++ b/bin/v-edit-domain-php-ini @@ -0,0 +1,90 @@ +#!/bin/bash +# info: Edit php.ini for certain domain +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain) + +if [ -z "$fpm_ver" ]; then + echo "PHP version for domain $domain could not be determined." + exit 1 +fi + +config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf" + +if command -v mcedit >/dev/null; then + mcedit "$config_file" +else + nano "$config_file" +fi + +echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" +systemctl restart php${fpm_ver}-fpm +if [ $? -ne 0 ]; then + systemctl status php${fpm_ver}-fpm + echo "=========================" + echo "" + echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" + exit $E_RESTART; +else + echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." +fi +echo "" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini new file mode 100644 index 00000000..0155e6bb --- /dev/null +++ b/bin/v-edit-php-ini @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Edit php.ini for a specific PHP version + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# List available PHP versions and store them into an array +mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php) + +echo "Available PHP versions:" +PS3="Please select the PHP version you want to edit php.ini for: " + +select php_version in "${php_versions[@]}"; do + if [[ -n $php_version ]]; then + break + else + echo "Invalid choice. Please try again." + fi +done + +# Define path to the php.ini file +php_ini_path="/etc/php/${php_version}/fpm/php.ini" + +# Check if php.ini exists for the selected version +if [[ ! -f "$php_ini_path" ]]; then + echo "The php.ini file for the selected PHP version ($php_version) does not exist." + exit 1 +fi + +# Determine the text editor to use +if command -v mcedit >/dev/null 2>&1; then + editor_cmd="mcedit" +elif command -v nano >/dev/null 2>&1; then + editor_cmd="nano" +else + echo "No supported text editor found. Please install 'mcedit' or 'nano'." + exit 1 +fi + +# Open php.ini for the chosen PHP version in the selected editor +echo "Opening $php_ini_path in editor $editor_cmd..." +$editor_cmd "$php_ini_path" + +# Restart the PHP-FPM service for the selected version +echo "Restarting the PHP-FPM service for PHP version $php_version..." +systemctl restart php${php_version}-fpm +if [ $? -ne 0 ]; then + systemctl status php${php_version}-fpm + echo "=========================" + echo "" + echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" + echo "" + exit $E_RESTART; +else + echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." +fi + +#----------------------------------------------------------# +# Exit # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions new file mode 100644 index 00000000..3bce868f --- /dev/null +++ b/bin/v-fix-php-ini-disable-functions @@ -0,0 +1,35 @@ +#!/bin/bash + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1; +fi + +if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; + +echo "=== Fixing php.ini files to have the correct disable_functions line" + +export NOTFOUNDVAL="exec,system,passthru,shell_exec" +export LINEBEGINSWITH="disable_functions =" +export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" + +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ + +export NOTFOUNDVAL2="^$LINEBEGINSWITH" +export REMOVELINETHATCONTAINS=$LINEBEGINSWITH + +find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ + +if [ -f "/tmp/patched" ]; then + rm /tmp/patched + + echo "== Restarting all PHP-FPM services" + systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart + + echo "=== Everything done." +else + echo "=== Everything is already correct." +fi + +exit 0; diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index ae798992..991ada62 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -44,7 +44,7 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; - +find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; @@ -52,6 +52,7 @@ find /home/$user/conf/ -type d -exec chown root:root {} \; find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; +find /home/$user/web/*/ -name "*.php" -type f -exec chmod 600 {} + echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions new file mode 100644 index 00000000..93b9d662 --- /dev/null +++ b/bin/v-fix-website-permissions @@ -0,0 +1,96 @@ +#!/bin/bash +# info: Fixing chown and chmod permissions in the public_html directory +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Argument definition +domain=$1 + +# Check if number of arguments is 2 +if [ $# -eq 2 ]; then + user=$2 +else + user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +fi +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Going to domain directory +cd /home/$USER/web/$domain + +# Ownership check +if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then + owner=$(stat -c '%U' "public_html/index.php") + if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then + echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" + exit 1 + fi +fi + + +echo "Updating permissions for /home/$USER/web/$domain/public_html/" +# Fixing permissions +find public_html/ -type d ! -perm 755 -exec chmod 755 {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + +# Fixing ownership +find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + +find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + + +php_chmod="600" +if [ -f "/home/$USER/web/$domain/php_chmod" ]; then + php_chmod=$(cat /home/$USER/web/$domain/php_chmod) +fi + +# Setting chmod 600 for all .php and .env files +echo "= Setting chmod $php_chmod for all .php and .env files" +# Fixing permissions +find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + +# Fixing ownership +find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# +echo "Permissions for $domain have been successfully updated." + +exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites new file mode 100644 index 00000000..9b1501bd --- /dev/null +++ b/bin/v-fix-website-permissions-for-all-websites @@ -0,0 +1,41 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + /usr/local/vesta/bin/v-fix-website-permissions $domain $user + echo "--------------------------------" + done + +done + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core new file mode 100644 index 00000000..7a511747 --- /dev/null +++ b/bin/v-fix-wordpress-core @@ -0,0 +1,110 @@ +#!/bin/bash +# info: fix compromised wp-admin and wp-includes +# options: DOMAIN [CACHE_DIR] +# +# Replaces wp-admin and wp-includes with clean copies that match +# the WordPress core version detected on the site. +# +# Example: +# v-fix-wp-core example.com +# v-fix-wp-core example.com /srv/wp-cache + +#----------------------------------------------------------# +# Variable & Function # +#----------------------------------------------------------# + +# Arguments +DOMAIN="$1" +CACHE_DIR="${2-/srv/wp-cache}" # default cache location + +QUARANTINE_DIR="/srv/wp-quarantine" + +# Includes +source $VESTA/func/main.sh +source $VESTA/conf/vesta.conf + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# +check_args '1' "$#" 'DOMAIN [CACHE_DIR]' +is_format_valid 'domain' + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace +trap 'rm -rf "$TMP_DIR"' EXIT + +# 1etermine WP version +WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" +check_result $? "cannot detect WP version" > /dev/null +if [ -z "$WP_VERSION" ]; then + check_result 1 "empty WP version string" +fi +echo "Detected WordPress version $WP_VERSION" + +# 2ind site owner and path +USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" +check_result $? "cannot find domain owner" > /dev/null +SITE_PATH="/home/$USER/web/$DOMAIN/public_html" +if [ ! -d "$SITE_PATH" ]; then + check_result 1 "site path $SITE_PATH does not exist" +fi + +# ensure cached core is present +CACHE_PATH="$CACHE_DIR/$WP_VERSION" +if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then + echo "Cache for $WP_VERSION missing, downloading ZIP..." + + mkdir -p "$CACHE_PATH" + ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" + ZIP_FILE="$TMP_DIR/wp.zip" + + curl -fSL "$ZIP_URL" -o "$ZIP_FILE" + check_result $? "download failed" > /dev/null + + unzip -q "$ZIP_FILE" -d "$TMP_DIR" + check_result $? "unzip failed" > /dev/null + + mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" + mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" + cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" +fi + +# backup current core folders +TIMESTAMP="$(date +%Y%m%d%H%M%S)" +BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" +mkdir -p "$BACKUP_DIR" +mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" +mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" + +for f in "$SITE_PATH"/*.php; do + [[ $(basename "$f") == "wp-config.php" ]] && continue + mv "$f" "$BACKUP_DIR/" +done +if [ -f "$SITE_PATH/.user.ini" ]; then + mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" +fi + +# chown -R www-data:www-data "$BACKUP_DIR" +check_result $? "backup failed" > /dev/null +echo "Old core folders moved to $BACKUP_DIR" + +# deploy clean core +rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" +rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" +check_result $? "rsync failed" > /dev/null + +for corephp in "$CACHE_PATH"/*.php; do + base=$(basename "$corephp") + [ "$base" = "wp-config.php" ] && continue + rsync -a "$corephp" "$SITE_PATH/$base" +done + +# fix permissions +SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN +# chown -R www-data:www-data "$BACKUP_DIR" + +echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" +exit diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config new file mode 100644 index 00000000..d759c489 --- /dev/null +++ b/bin/v-get-dns-config @@ -0,0 +1,70 @@ +#!/bin/bash +# info: Get domain DNS config.db file content +# options: DOMAIN + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +check_args '1' "$#" 'DOMAIN' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -d "/home/$user/web/$domain/public_html" ]; then + # echo "Domain doesn't exist"; + exit 1; +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DNS_FILE="/home/$user/conf/dns/$domain.db" + +if [ -f "$DNS_FILE" ]; then + cat "$DNS_FILE" +else + echo "DNS configuration file for $domain does not exist." + exit 1 +fi + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit 0; diff --git a/bin/v-get-wp-cli b/bin/v-get-wp-cli new file mode 100644 index 00000000..c097a024 --- /dev/null +++ b/bin/v-get-wp-cli @@ -0,0 +1,44 @@ +#!/bin/bash +# info: Download WP CLI +# options: NONE + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +if [ ! -f "/usr/local/bin/composer" ]; then + echo "= Composer is not installed. Installing..." + php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" + php composer-setup.php --install-dir=/usr/local/bin --filename=composer + php -r "unlink('composer-setup.php');" + echo "= Composer installed successfully." +fi + +if [ -d "/usr/local/bin/wp-cli" ]; then + echo "= Removing old WP CLI..." + rm -rf /usr/local/bin/wp-cli +fi + +cd /usr/local/bin +git clone https://github.com/wp-cli/wp-cli.git + +chown -R www-data:www-data wp-cli + +cd wp-cli/ +sudo -H -u www-data composer install + +# Fix terminal columns issue for WP CLI +/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' + +echo "= WP CLI installed successfully." + +exit 0; \ No newline at end of file diff --git a/bin/v-grep b/bin/v-grep new file mode 100644 index 00000000..9ea821e5 --- /dev/null +++ b/bin/v-grep @@ -0,0 +1,27 @@ +#!/bin/bash +# info: calling myvesta_grep PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'grep' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" + exit $? + fi +fi + +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" +fi +exit $? diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 02383018..43e8c3bf 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,9 +157,15 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create + fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql + if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then + v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql + fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" @@ -269,28 +275,29 @@ cd $sk_mdir for sk_maild in $(ls -1) do if [[ "$sk_maild" != "cur" && "$sk_maild" != "new" && "$sk_maild" != "tmp" ]]; then - if [ -d "$sk_maild" ]; then - for sk_mail_account in $(ls $sk_maild/) - do - - echo "Create and restore mail account: $sk_mail_account@$sk_maild" - sk_mail_pass1=$(generate_password) - /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 - mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} - chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} - find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete - # echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} - echo "Set password for ${sk_mail_account}@${sk_maild}" - pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') - newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" - newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" - # echo $newline - escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') - escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') - sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd - sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf - done - fi + if [ -d "$sk_maild" ]; then + for sk_mail_account in $(ls $sk_maild/) + do + echo "Create and restore mail account: $sk_mail_account@$sk_maild" + sk_mail_pass1=$(generate_password) + /usr/local/vesta/bin/v-add-mail-account $sk_cp_user $sk_maild $sk_mail_account $sk_mail_pass1 + mv ${sk_maild}/${sk_mail_account} /home/${sk_cp_user}/mail/${sk_maild} + chown ${sk_cp_user}:mail -R /home/${sk_cp_user}/mail/${sk_maild} + find /home/${sk_cp_user}/mail/${sk_maild} -type f -name 'dovecot*' -delete + if [ -f "${sk_importer_in}/homedir/etc/${sk_maild}/shadow" ]; then + echo "Set password for ${sk_mail_account}@${sk_maild}" + pass=$(grep "^${sk_mail_account}:" ${sk_importer_in}/homedir/etc/${sk_maild}/shadow | awk -F ":" '{print $2}') + newline="${sk_mail_account}:{SHA512-CRYPT}$pass:${sk_cp_user}:mail::/home/${sk_cp_user}:0" + newline2="ACCOUNT='${sk_mail_account}' ALIAS='' AUTOREPLY='no' FWD='' FWD_ONLY='' MD5='{SHA512-CRYPT}$pass' QUOTA='unlimited' U_DISK='0' SUSPENDED='no' TIME='$time' DATE='$date'" + escaped=$(printf '%s\n' "$newline" | sed -e 's/[\/&]/\\&/g') + escaped2=$(printf '%s\n' "$newline2" | sed -e 's/[\/&]/\\&/g') + sed -i "s/^${sk_mail_account}:.*/$escaped/g" /home/${sk_cp_user}/conf/mail/${sk_maild}/passwd + sed -i "s/^ACCOUNT='${sk_mail_account}.*/$escaped2/g" /usr/local/vesta/data/users/${sk_cp_user}/mail/${sk_maild}.conf + else + echo "${sk_mail_account}@${sk_maild} | $sk_mail_pass1" >> /root/sk_mail_password_${sk_cp_user}-${sk_cod} + fi + done + fi #else # this only detect default dirs account new, cur, tmp etc # maybe can do something with this, but on most cpanel default account have only spam. @@ -367,7 +374,9 @@ tput setaf 4 echo "##############################" echo "cPanel Backup restored" echo "Review your content and report any fail" -# echo "I reset mail password not posible restore it yet." -# echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +if [ -f "/root/sk_mail_password_${sk_cp_user}-${sk_cod}" ]; then + echo "I reset mail password not posible restore it yet." + echo "Check your new passwords runing: cat /root/sk_mail_password_${sk_cp_user}-${sk_cod}" +fi echo "##############################" tput sgr0 diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 6b0e7c4a..9ac2f188 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,6 +52,12 @@ fi # Action # #----------------------------------------------------------# +if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then + /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" +fi + +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + email="info@$domain" TMPLOC="/home/$user/tmp/$domain" @@ -62,8 +68,13 @@ mkdir $TMPLOC # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" $TMPLOC/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +if [ "$release" -lt 12 ]; then + key_start=$(grep -n "BEGIN RSA" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END RSA" $TMPLOC/vst.pem |cut -f 1 -d:) +else + key_start=$(grep -n "BEGIN PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END PRIVATE KEY" $TMPLOC/vst.pem |cut -f 1 -d:) +fi # Adding SSL certificate cd $TMPLOC diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 70f3fc7b..3f21d172 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -57,8 +57,17 @@ if [ -z "$database" ]; then fi fi +# Convert domain to IDN if available +if command -v idn2 >/dev/null 2>&1; then + database=$(idn2 "$database") + idn_domain=$(idn2 "$domain") +elif command -v idn >/dev/null 2>&1; then + database=$(idn "$database") + idn_domain=$(idn "$domain") +fi + if [ -z "$email" ]; then - email="info@$domain"; + email="info@$idn_domain"; fi if [ ! -d "/home/$user" ]; then @@ -95,21 +104,37 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='http' -if [ -z "$SKIP_LE" ]; then - if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" - fi -else - PROTOCOL='https' +PROTOCOL='https' + +if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + echo "== Trying to install LetsEncrypt for domain $domain" + /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" fi -if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then - PROTOCOL='https' - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then +if [ ! -z "$FORCE_HTTP" ]; then + # Switch to http:// only if --FORCE_HTTP parameter is set + echo "== Force http://" + PROTOCOL='http' +fi + +TPL_CHANGED=0; + +if [ "$PROTOCOL" = "https" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi fi +if [ "$PROTOCOL" = "http" ]; then + if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then + TPL_CHANGED=1; + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" + fi +fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" @@ -135,11 +160,11 @@ sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user=" mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Installation is complete. Your username/password is listed below." +echo "Your WordPress installation is complete." echo "" -echo "Site: $PROTOCOL://$domain/" +echo "Website URL: $PROTOCOL://$domain/" echo "" -echo "Login: $PROTOCOL://$domain/wp-admin/" +echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" echo "Username: $wpadmin" echo "Password: $password" echo "" diff --git a/bin/v-list-php b/bin/v-list-php new file mode 100644 index 00000000..846e40de --- /dev/null +++ b/bin/v-list-php @@ -0,0 +1,76 @@ +#!/bin/bash +# info: list of installed php versions +# options: [FORMAT] +# +# The function for obtaining the list of installed PHP versions. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + counter=$(echo "$phpversions" | wc -l) + i=1 + echo '[' + for phpversion in $phpversions; do + if [ "$i" -lt "$counter" ]; then + echo -e "\t\"$phpversion\"," + else + echo -e "\t\"$phpversion\"" + fi + (( ++i)) + done + echo "]" +} + +# shell list function +shell_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# PLAIN list function +plain_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# CSV list function +csv_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Obtaining the list of installed PHP-FPM versions +phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-php-apache b/bin/v-list-php-apache new file mode 100644 index 00000000..e2e431b1 --- /dev/null +++ b/bin/v-list-php-apache @@ -0,0 +1,91 @@ +#!/bin/bash +# info: list of installed php versions that have Apache template. +# options: [FORMAT] +# +# The function obtains the list of installed PHP versions that have Apache template. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Argument definition +format=${1-shell} + +# Includes +source $VESTA/func/main.sh + +# JSON list function +json_list() { + counter=$(echo "$phpversions" | wc -l) + i=1 + echo '[' + for phpversion in $phpversions; do + if [ "$i" -lt "$counter" ]; then + echo -e "\t\"$phpversion\"," + else + echo -e "\t\"$phpversion\"" + fi + (( ++i)) + done + echo "]" +} + +# shell list function +shell_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# PLAIN list function +plain_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +# CSV list function +csv_list() { + for phpversion in $phpversions; do + echo "$phpversion" + done +} + +echo_phpversions_list() { + for element in "${phpversions_list[@]}"; do + echo "$element" + done +} + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +# Obtaining the list of installed PHP-FPM versions +fpmphpversions=$(/usr/local/vesta/bin/v-list-php) + +for phpversion in $fpmphpversions; do + phpversiontpl=${phpversion//./} + tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl" + if [ -f "$tpl" ]; then + phpversions_list+=("$phpversion") + fi +done + +phpversions=$(echo_phpversions_list) + +# Listing data +case $format in + json) json_list ;; + plain) plain_list ;; + csv) csv_list ;; + shell) shell_list ;; +esac + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index 127f2176..a0fdbbbc 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,7 +54,8 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", + "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" } }' } diff --git a/bin/v-list-sys-services b/bin/v-list-sys-services index cddb59be..d23a92a7 100755 --- a/bin/v-list-sys-services +++ b/bin/v-list-sys-services @@ -297,7 +297,11 @@ if [ ! -z "$DB_SYSTEM" ] && [ "$DB_SYSTEM" != 'remote' ]; then if [ "$service" = 'mysql' ]; then proc_name='mysqld' release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -eq 11 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then + if [ "$release" -gt 10 ] && [ ! -f "/etc/apt/sources.list.d/mysql.list" ]; then + service='mariadb' + proc_name='mariadbd' + fi + if [ -f "/etc/apt/sources.list.d/mariadb.list" ]; then service='mariadb' proc_name='mariadbd' fi diff --git a/bin/v-list-user-log b/bin/v-list-user-log index ca317f7d..6be9f9ae 100755 --- a/bin/v-list-user-log +++ b/bin/v-list-user-log @@ -12,6 +12,7 @@ # Argument definition user=$1 format=${2-shell} +limit=${3-300} # Includes source $VESTA/func/main.sh @@ -34,6 +35,9 @@ json_list() { "TIME": "'$TIME'", "DATE": "'$DATE'" }' + if [ "$limit" -gt 0 ] && [ "$i" = "$limit" ]; then + break; + fi if [ "$i" -lt "$objects" ]; then echo ',' else @@ -83,7 +87,7 @@ csv_list() { # Verifications # #----------------------------------------------------------# -check_args '1' "$#" 'USER [FORMAT]' +check_args '1' "$#" 'USER [FORMAT] [LIMIT]' is_format_valid 'user' is_object_valid 'user' 'USER' "$user" @@ -93,7 +97,7 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Parsing history log -logs=$(tail -n 300 $USER_DATA/history.log 2>/dev/null) +logs=$(tail -n $limit $USER_DATA/history.log | tac) case $format in json) json_list ;; diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log new file mode 100644 index 00000000..6a6dfadd --- /dev/null +++ b/bin/v-make-main-apache-log @@ -0,0 +1,14 @@ +#!/bin/bash + +touch /var/log/apache2/time.log +# truncate -s 0 /var/log/apache2/time.log +chmod 0640 /var/log/apache2/time.log +chown root:adm /var/log/apache2/time.log +find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' +if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then + sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf +fi +systemctl restart apache2 + +wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index a26c68e3..15e42c05 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -1,4 +1,4 @@ -#!/bin/bash + #!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -138,7 +138,18 @@ check_grep=$(grep -c 'smtp_active_hostname' /etc/exim4/exim4.conf.template) if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup - cp /usr/local/vesta/install/debian/11/exim/exim4.conf.template-RC /etc/exim4/exim4.conf.template + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template + + eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') + if (( $(echo "$eximversion < 4.96" | bc -l) )); then + cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template + sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template + fi + + if (( $(echo "$eximversion < 4.94" | bc -l) )); then + sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template + fi + sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template @@ -148,6 +159,8 @@ if [ "$check_grep" -eq 0 ]; then sed -i "s|#smtp_banner|smtp_banner|g" /etc/exim4/exim4.conf.template sed -i "s|#interface =|interface =|g" /etc/exim4/exim4.conf.template sed -i "s|#helo_data =|helo_data =|g" /etc/exim4/exim4.conf.template + /usr/local/vesta/bin/v-sed 'tls_certificate = /usr/local/vesta/ssl/certificate.crt' 'tls_certificate = /usr/local/vesta/ssl/$received_ip_address.crt' '/etc/exim4/exim4.conf.template' + /usr/local/vesta/bin/v-sed 'tls_privatekey = /usr/local/vesta/ssl/certificate.key' 'tls_privatekey = /usr/local/vesta/ssl/$received_ip_address.key' '/etc/exim4/exim4.conf.template' touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour touch /etc/exim4/limit_per_email_account_max_recipients touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour @@ -166,9 +179,10 @@ if [ "$check_grep" -eq 0 ]; then fi systemctl restart exim4 if [ $? -ne 0 ]; then + systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 - echo "=== Patching failed, aborting" + echo "=== Patching failed, old exim conf returned, exim4 restarted again." exit 1 fi echo "=== Patching successful" diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index 6c6c8653..b6f4295b 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -94,6 +94,8 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi +phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") + # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -102,13 +104,13 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then - echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" - exit 7 - fi - if [ ! -f "/usr/bin/php7.0" ]; then - echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" - exit 8 + if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then + if [ ! -f "/usr/bin/git" ]; then + apt-get update > /dev/null 2>&1 + apt-get -y install git > /dev/null 2>&1 + fi + cd /root + git clone https://github.com/interconnectit/Search-Replace-DB.git fi else if [ ! -f "/usr/local/bin/wp" ]; then @@ -164,15 +166,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid + sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins=$(sudo -H -u$FROM_USER /usr/bin/php$phpver /usr/local/bin/wp plugin list --field=name | tr '\n' ',') --skip-themes; fi echo "===== DONE ====" diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index d055e361..383fd26e 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -40,6 +40,10 @@ if [ "$owner" = "$user" ]; then exit fi +USER_DATA=$VESTA/data/users/$owner +is_object_unsuspended 'user' 'USER' "$owner" +USER_DATA=$VESTA/data/users/$user + USER_TO=$user #----------------------------------------------------------# @@ -84,6 +88,56 @@ if [ $? -ne 0 ]; then RET=$E_NOTEXIST fi +#----------------------------------------------------------# +# Update Wordfence WAF Path # +#----------------------------------------------------------# + +filepath="/home/USER_TO/web/$domain/public_html/.user.ini" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi + +filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" +filename=$(basename $filepath) + +# Check if file exists +if [ -f "$filepath" ]; then + echo "Updating $filename with new user path..." + + # Temporary file for modification + tmp_file=$(mktemp) + + # Change path from old USER to new USER_TO + sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" + + # Check if replacement was successful and update file + if [ $? -eq 0 ]; then + mv "$tmp_file" "$filepath" + echo "$filename updated successfully." + else + echo "Failed to update $filename file." + rm "$tmp_file" # Deletes temporary file + fi +fi + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index 81561a97..ccd66b7c 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -19,6 +19,8 @@ fi FROMFOLDER=$1 TOFOLDER=$2 +echo "Executing: v-move-folder-and-make-symlink $1 $2" + # Includes source $VESTA/func/main.sh @@ -26,6 +28,16 @@ source $VESTA/func/main.sh # Verifications # #----------------------------------------------------------# +if [ -z "$FROMFOLDER" ]; then + echo "First parameter is empty, aborting" + exit 1 +fi + +if [ -z "$TOFOLDER" ]; then + echo "Second parameter is empty, aborting" + exit 1 +fi + # Trimming the ending slash, just in case FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') @@ -66,19 +78,21 @@ fi # Action # #----------------------------------------------------------# -rsync -a "$FROMFOLDER/" "$TOFOLDER/" -# with slashes on the end of the path of both folders -if [ "$?" -ne 0 ]; then - echo "Error happened, aborting" - exit 1 -fi - if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 # with slashes on the end of the path of the folder fi +# rsync -a "$FROMFOLDER/" "$TOFOLDER/" +# with slashes on the end of the path of both folders + +mv "$FROMFOLDER" "$TOFOLDER" +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + rm -rf "$FROMFOLDER" # without slash on the end of the path of the folder diff --git a/bin/v-php-func b/bin/v-php-func index f6192c33..925cc91e 100644 --- a/bin/v-php-func +++ b/bin/v-php-func @@ -2,11 +2,20 @@ # info: calling myVesta PHP functions # options: FUNCTION # -# The function is calling myVesta PHP functions. +# The function is calling myVesta or standard PHP functions directly from bash #----------------------------------------------------------# # Action # #----------------------------------------------------------# + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" + exit $? + fi +fi + php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" exit $? diff --git a/bin/v-restart-web b/bin/v-restart-web index ab1afe6c..2b17ad9f 100755 --- a/bin/v-restart-web +++ b/bin/v-restart-web @@ -64,7 +64,9 @@ fi # Resart web system if reload didn't work if [ "$rc" -ne 0 ]; then - service $WEB_SYSTEM restart >/dev/null 2>&1 + # service $WEB_SYSTEM restart >/dev/null 2>&1 + systemctl reset-failed $WEB_SYSTEM + systemctl restart $WEB_SYSTEM >/dev/null 2>&1 if [ $? -ne 0 ]; then send_email_report check_result $E_RESTART "$WEB_SYSTEM restart failed" diff --git a/bin/v-restore-user b/bin/v-restore-user index af451d88..a2dab574 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -417,6 +417,7 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain + chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -618,6 +619,7 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn + chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli new file mode 100644 index 00000000..ef4f6e10 --- /dev/null +++ b/bin/v-run-wp-cli @@ -0,0 +1,102 @@ +#!/bin/bash +# info: Run WP CLI command for a specific domain +# options: DOMAIN WP_CLI_COMMAND + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +SILENT_MODE=1 + +# Argument definition +domain=$1 +wp_command=${@:2} + +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +USER=$user + +# Includes +source /usr/local/vesta/func/main.sh +source /usr/local/vesta/func/domain.sh + +if [ -z "$user" ]; then + check_result $E_NOTEXIST "domain $domain doesn't exist" +fi + +#----------------------------------------------------------# +# Verifications # +#----------------------------------------------------------# + +VERBOSE_MODE=1 + +check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' +is_format_valid 'domain' +is_object_valid 'user' 'USER' "$user" +is_object_unsuspended 'user' 'USER' "$user" +is_object_unsuspended 'web' 'DOMAIN' "$domain" + +if [ ! -d "/home/$user" ]; then + # echo "User doesn't exist"; + exit 1; +fi + +if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then + echo 'Please install WordPress first.' + exit 1; +fi + +if ! command -v wp &> /dev/null; then + echo "WP CLI is not installed. Installing..." + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + echo "WP CLI installed successfully." +fi + +wpcli="/usr/local/bin/wp" + +if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then + wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" + COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') + echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS +fi + +mkdir -p /home/$user/.wp-cli +chown $user:$user /home/$user/.wp-cli + +if [ -z "$PHP" ]; then + phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") +else + phpver=$PHP +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +cd /home/$USER/web/$domain/public_html +sudo -u $USER /usr/bin/php$phpver -d disable_functions=pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen -d open_basedir=/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log + +return_code=$? + +if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then + rm /usr/local/bin/wp-cli/COLUMNS +fi + +# echo "WP CLI: Done." +# echo "To see Warning/Error log: " +# echo "cat /home/$user/web/$domain/wp-cli-error.log" + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +exit $return_code; diff --git a/bin/v-sed b/bin/v-sed new file mode 100644 index 00000000..16e8ad2b --- /dev/null +++ b/bin/v-sed @@ -0,0 +1,27 @@ +#!/bin/bash +# info: calling myvesta_sed PHP function +# options: PARAMETERS +# +# The function is calling myVesta PHP replacement for GNU 'sed' command (but without regular expression) + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + + +if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then + STDIN=$(cat -) + if [ ! -z "$STDIN" ]; then + shift; + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" + exit $? + fi +fi + +if [ "$1" == "--stdin" ]; then + shift; + php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" +else + php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" +fi +exit $? diff --git a/bin/v-suspend-web-domain b/bin/v-suspend-web-domain index 7bd658ce..c9120122 100755 --- a/bin/v-suspend-web-domain +++ b/bin/v-suspend-web-domain @@ -17,6 +17,10 @@ domain=$2 domain_idn=$2 restart=$3 +if [ -z "$restart" ]; then + restart='yes' +fi + # Includes source $VESTA/func/main.sh source $VESTA/func/domain.sh @@ -80,12 +84,14 @@ fi update_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED' 'yes' increase_user_value "$user" '$SUSPENDED_WEB' -# Restarting web server -$BIN/v-restart-web $restart -check_result $? "Web restart failed" >/dev/null - -$BIN/v-restart-proxy $restart -check_result $? "Proxy restart failed" >/dev/null +if [ "$restart" = "yes" ]; then + # Restarting web server + $BIN/v-restart-web $restart + check_result $? "Web restart failed" >/dev/null + + $BIN/v-restart-proxy $restart + check_result $? "Proxy restart failed" >/dev/null +fi # Logging log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress index 1e2cccc6..4a2c42c3 100644 --- a/bin/v-unlock-wordpress +++ b/bin/v-unlock-wordpress @@ -58,6 +58,8 @@ chown -R $user:$user public_html/ rm public_html/wp-content/uploads/.htaccess +/usr/local/vesta/bin/v-fix-website-permissions $domain + #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files new file mode 100644 index 00000000..c044a80a --- /dev/null +++ b/bin/v-update-document-errors-files @@ -0,0 +1,48 @@ +#!/bin/bash +# info: fix website permissions for all websites +# options: +# +# The command is used for fixing website permissions for all websites on the server. + + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +# Importing system variables +source /etc/profile + +# Includes +source $VESTA/func/main.sh + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +for user in $(grep '@' /etc/passwd |cut -f1 -d:); do + if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then + continue; + fi + + for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do + cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html + cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html + sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html + chown $user:$user /home/$user/web/$domain/document_errors/* + chmod 644 /home/$user/web/$domain/document_errors/* + done + +done + + +#----------------------------------------------------------# +# Vesta # +#----------------------------------------------------------# + +# Logging +log_event "$OK" "$ARGUMENTS" + +exit diff --git a/bin/v-update-firewall b/bin/v-update-firewall index d3a46686..6d359f07 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp @@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -if [ -d "/etc/sysconfig" ]; then - /sbin/iptables-save > /etc/sysconfig/iptables - if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then - /sbin/chkconfig iptables on - fi -else +# if [ -d "/etc/sysconfig" ]; then +# /sbin/iptables-save > /etc/sysconfig/iptables +# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then +# /sbin/chkconfig iptables on +# fi +# else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -178,7 +178,7 @@ else echo "exit 0" >> $preup chmod +x $preup fi -fi +# fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index 451dbd37..be5502e7 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,7 +49,8 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index ca93627f..807218e3 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,13 +35,14 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'mail' 'DOMAIN'); do dom_diks=0 - accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') + accounts=$(list_objects "mail/$domain" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + cd $home_dir + udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-sys-rrd-la b/bin/v-update-sys-rrd-la index c8266626..860bdec6 100755 --- a/bin/v-update-sys-rrd-la +++ b/bin/v-update-sys-rrd-la @@ -74,7 +74,7 @@ rrdtool graph $RRD/la/$period-la.png \ -c "SHADEA#ffffff" \ -c "SHADEB#ffffff" \ -c "FONT#555555" \ - -c "CANVAS#302c2d" \ + -c "CANVAS#F2F2F2" \ -c "GRID#666666" \ -c "MGRID#AAAAAA" \ -c "FRAME#777777" \ @@ -82,7 +82,7 @@ rrdtool graph $RRD/la/$period-la.png \ DEF:la=$RRD/la/la.rrd:LA:AVERAGE \ DEF:pr=$RRD/la/la.rrd:PR:AVERAGE \ COMMENT:'\r' \ - AREA:la#C8EA2E:"LA * 100"\ + AREA:la#00CD2E:"LA * 100"\ GPRINT:la:'LAST: Current\:''%8.0lf' \ GPRINT:la:'MIN: Min\:''%8.0lf' \ GPRINT:la:'MAX: Max\:''%8.0lf\j' \ diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index ac851b92..1bee4685 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,6 +50,14 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi +# Defining hdd home directory +home_dir="/hdd$HOMEDIR/$user/web/$domain/" + +# Checking home directory exist +if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) +fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5951f289..5ee58abf 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk @@ -32,11 +32,16 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do +for domain in $(list_objects 'web' 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi + home_dir="/hdd$HOMEDIR/$user/web/$domain/" + if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then + disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) + disk_usage=$(( disk_usage + disk_usage2 )) + fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account new file mode 100644 index 00000000..4a6e6329 --- /dev/null +++ b/bin/v-whitelist-email-account @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a specific email address to SpamAssassin whitelist +# usage: v-whitelist-email-account EMAIL + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if an entry already exists in a file +check_entry_exists() { + local entry=$1 + local file=$2 + grep -qF "$entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklisted() { + local pattern=$1 + local file=$2 + grep -qE "blacklist_from.*${pattern}" "$file" +} + +# Function to add an entry to a file +add_entry_to_file() { + local entry=$1 + local file=$2 + echo "$entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 1 ]; then + echo "Usage: v-whitelist-email-account EMAIL" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +EMAIL=$1 + +# Validate email format +if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then + echo "Invalid email address format." + exit 1 +fi + +# Extract the domain from the email address +DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY="whitelist_from $EMAIL" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the email address or its domain is already blacklisted +if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. It is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." + exit 1 +fi + +if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." + exit 1 +fi + +# Add the email to whitelist if not already present +if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then + add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" + echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain new file mode 100644 index 00000000..9d877ad4 --- /dev/null +++ b/bin/v-whitelist-email-domain @@ -0,0 +1,119 @@ +#!/bin/bash +# info: Add a domain to SpamAssassin whitelist +# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) + +#----------------------------------------------------------# +# Variable&Function # +#----------------------------------------------------------# + +whoami=$(whoami) +if [ "$whoami" != "root" ]; then + echo "You must be root to execute this script" + exit 1 +fi + +# Importing system environment +source /etc/profile + +# Determine Debian version and set SpamAssassin service name +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) +if [ "$release" -lt 12 ]; then + SPAMD_SERVICE="spamassassin.service" +else + SPAMD_SERVICE="spamd.service" +fi + +SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" + +# Flags to track changes +SPAMASSASSIN_CHANGED=false + +# Function to check if a SpamAssassin whitelist entry already exists +check_whitelist_exists() { + local entry=$1 + local file=$2 + grep -qF "whitelist_from $entry" "$file" +} + +# Function to check if a domain/email is already blacklisted +check_blacklist_exists() { + local domain=$1 + local file=$2 + grep -qE "blacklist_from.*${domain}$" "$file" +} + +# Function to add whitelist entry to file +add_whitelist_to_file() { + local entry=$1 + local file=$2 + echo "whitelist_from $entry" >> "$file" +} + +# Display usage if no arguments are provided +if [ $# -lt 2 ]; then + echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" + exit 1 +fi + +#----------------------------------------------------------# +# Action # +#----------------------------------------------------------# + +DOMAIN=$1 +SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) + +# Validate SUBDOMAIN parameter +if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then + echo "Invalid parameter for SUBDOMAIN. Use YES or NO." + exit 1 +fi + +# Prepare entries for SpamAssassin +WHITELIST_ENTRY_MAIN="*@${DOMAIN}" +WHITELIST_ENTRY_SUB="*.$DOMAIN" +BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" +BLACKLIST_ENTRY_SUB="*.$DOMAIN" + +#----------------------------------------------------------# +# SpamAssassin Whitelist # +#----------------------------------------------------------# + +echo "Updating $SPAMASSASSIN_FILE..." + +# Check if the domain is already blacklisted +if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then + echo "Cannot whitelist $DOMAIN. It is already blacklisted." + exit 1 +fi + +# Add the main entry +if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true +else + echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." +fi + +# Add the subdomain entry if needed +if [ "$SUBDOMAIN" == "YES" ]; then + if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then + add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" + echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." + SPAMASSASSIN_CHANGED=true + else + echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." + fi +fi + +# Restart SpamAssassin only if changes were made +if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then + systemctl restart "$SPAMD_SERVICE" + echo "SpamAssassin service ($SPAMD_SERVICE) restarted." +fi + +#----------------------------------------------------------# +# Done # +#----------------------------------------------------------# + +exit 0 diff --git a/func/bash-to-php-interpreter.php b/func/bash-to-php-interpreter.php index 13995e1c..b437c3c9 100644 --- a/func/bash-to-php-interpreter.php +++ b/func/bash-to-php-interpreter.php @@ -7,24 +7,73 @@ else $SHLVL=3; if (!isset($argv)) exit(5); +$argv_start=1; +$STDIN_ENABLED=false; +if ($argv[1]=='--stdin') { + $STDIN_ENABLED=true; + $argv_start++; +} + +$myvesta_stdin=''; +if ($STDIN_ENABLED==true) { + stream_set_blocking(STDIN, false); + $myvesta_f = fopen( 'php://stdin', 'r' ); + while( $myvesta_line = fgets( $myvesta_f ) ) { + $myvesta_stdin .= $myvesta_line; + } + fclose( $myvesta_f ); +} + include ("/usr/local/vesta/func/main.php"); include ("/usr/local/vesta/func/string.php"); $counter=count($argv); if ($counter<2) myvesta_throw_error(2, 'Function is missing'); -$func=$argv[1]; +$func=$argv[$argv_start]; if (!function_exists($func)) { - $func="myvesta_".$argv[1]; + $func="myvesta_".$argv[$argv_start]; if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists'); } +$insert_stdin_at_position=false; +if ($func=="myvesta_grep") $insert_stdin_at_position=1; +if ($func=="myvesta_sed") $insert_stdin_at_position=2; + $params=array(); -for ($i=2; $i<$counter; $i++) { +$added=0; +$stdin_content=''; +$myvesta_stdin_from_file=''; +$myvesta_stdin_return_not_found=false; +if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;} + +$argv_start++; + +for ($i=$argv_start; $i<$counter; $i++) { $argv[$i]=myvesta_fix_backslashes($argv[$i]); + //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;} $params[]=$argv[$i]; + $added++; } +//print_r($params); exit; + +if ($insert_stdin_at_position!=false) { + if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) { + $file_or_stdin=$params[$insert_stdin_at_position]; + if (!file_exists($file_or_stdin)) { + $myvesta_stdin_return_not_found=true; + $myvesta_stdin=''; + } else { + $myvesta_stdin=file_get_contents($file_or_stdin); + $myvesta_stdin_from_file=$file_or_stdin; + } + $params[$insert_stdin_at_position]=$myvesta_stdin; + } else { + array_splice($params, $insert_stdin_at_position, 0, array($myvesta_stdin)); + } +} +//print_r($params); exit; $r=call_user_func_array($func, $params); if (is_bool($r)) { diff --git a/func/db.sh b/func/db.sh index 20230fec..7e4f4d97 100644 --- a/func/db.sh +++ b/func/db.sh @@ -29,6 +29,9 @@ mysql_connect() { mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -55,10 +58,13 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -82,6 +88,9 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then + subj="Error: Connection to $HOST failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -103,6 +112,9 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then + subj="Error: dump $database failed" + email=$($BIN/v-get-user-value admin CONTACT) + echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi diff --git a/func/main.php b/func/main.php index fcc96610..4628c92a 100644 --- a/func/main.php +++ b/func/main.php @@ -1,6 +1,9 @@ : defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl index 9660c234..39777224 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl index 892c0d1f..b6e306d7 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl b/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl index 28224413..902d647a 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl b/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl index 7bec5e73..40df2629 100644 --- a/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl +++ b/install/debian/10/templates/web/apache2/PHP-FPM-73.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/11/exim/dnsbl.conf +++ b/install/debian/11/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/11/exim/exim4.conf.template b/install/debian/11/exim/exim4.conf.template index 4b3c0dd9..3f09a2e8 100644 --- a/install/debian/11/exim/exim4.conf.template +++ b/install/debian/11/exim/exim4.conf.template @@ -11,6 +11,7 @@ disable_ipv6=true add_environment=<; PATH=/bin:/usr/bin keep_environment= +smtputf8_advertise_hosts = domainlist local_domains = dsearch;/etc/exim4/domains/ domainlist relay_to_domains = dsearch;/etc/exim4/domains/ @@ -91,16 +92,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept @@ -319,7 +322,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com + hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC index 36ba2a0d..82b97d4e 100644 --- a/install/debian/11/exim/exim4.conf.template-RC +++ b/install/debian/11/exim/exim4.conf.template-RC @@ -11,6 +11,7 @@ disable_ipv6=true add_environment=<; PATH=/bin:/usr/bin keep_environment= +smtputf8_advertise_hosts = #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} @@ -108,16 +109,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept @@ -142,7 +145,7 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes deny message = Restricted characters in address @@ -350,7 +353,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = !*.l.google.com + hosts_try_fastopen = hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl index fdbc26f9..739cb48d 100644 --- a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl index 614f20c3..f31ed5a8 100644 --- a/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl b/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl index df607247..fbc1d9c6 100644 --- a/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl b/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl index 7b6e2cb5..aaf8f62c 100644 --- a/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl +++ b/install/debian/11/templates/web/apache2/PHP-FPM-74.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/11/templates/web/awstats/awstats.tpl +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh index abc9155d..eeed37ef 100755 --- a/install/debian/11/templates/web/nginx/private-hosting.sh +++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/apache2/apache2.conf b/install/debian/12/apache2/apache2.conf new file mode 100644 index 00000000..2be3e50d --- /dev/null +++ b/install/debian/12/apache2/apache2.conf @@ -0,0 +1,95 @@ +# It is split into several files forming the configuration hierarchy outlined +# below, all located in the /etc/apache2/ directory: +# +# /etc/apache2/ +# |-- apache2.conf +# | `-- ports.conf +# |-- mods-enabled +# | |-- *.load +# | `-- *.conf +# |-- conf.d +# | `-- * + +# Global configuration +PidFile ${APACHE_PID_FILE} +Timeout 900 +ProxyTimeout 900 +KeepAlive Off +MaxKeepAliveRequests 100 +KeepAliveTimeout 10 + + + StartServers 8 + MinSpareServers 5 + MaxSpareServers 20 + ServerLimit 256 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + + + StartServers 2 + MinSpareThreads 25 + MaxSpareThreads 75 + ThreadLimit 64 + ThreadsPerChild 25 + MaxClients 200 + MaxRequestsPerChild 4000 + + +# These need to be set in /etc/apache2/envvars +User ${APACHE_RUN_USER} +Group ${APACHE_RUN_GROUP} +#User www-data +#Group www-data + +AccessFileName .htaccess + + + Order allow,deny + Deny from all + Satisfy all + + +DefaultType None +HostnameLookups Off + +ErrorLog ${APACHE_LOG_DIR}/error.log +LogLevel warn + +# Include module configuration: +Include mods-enabled/*.load +Include mods-enabled/*.conf + +# Include list of ports to listen on and which to use for name based vhosts +Include ports.conf + +LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined +LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined +LogFormat "%h %l %u %t \"%r\" %>s %O" common +LogFormat "%{Referer}i -> %U" referer +LogFormat "%{User-agent}i" agent +LogFormat "%b" bytes + +Include conf.d/ + +# Include the virtual host configurations: +#Include sites-enabled/ + +ErrorDocument 403 /error/403.html +ErrorDocument 404 /error/404.html +ErrorDocument 500 /error/50x.html +ErrorDocument 501 /error/50x.html +ErrorDocument 502 /error/50x.html +ErrorDocument 503 /error/50x.html +ErrorDocument 506 /error/50x.html diff --git a/install/debian/12/apache2/status.conf b/install/debian/12/apache2/status.conf new file mode 100644 index 00000000..0d82a356 --- /dev/null +++ b/install/debian/12/apache2/status.conf @@ -0,0 +1,8 @@ +Listen 127.0.0.1:8081 + + SetHandler server-status + Order deny,allow + Deny from all + Allow from 127.0.0.1 + # Allow from all + diff --git a/install/debian/12/bind/named.conf b/install/debian/12/bind/named.conf new file mode 100644 index 00000000..ed6ece88 --- /dev/null +++ b/install/debian/12/bind/named.conf @@ -0,0 +1,12 @@ +// This is the primary configuration file for the BIND DNS server named. +// +// Please read /usr/share/doc/bind9/README.Debian.gz for information on the +// structure of BIND configuration files in Debian, *BEFORE* you customize +// this configuration file. +// +// If you are just adding zones, please do that in /etc/bind/named.conf.local + +include "/etc/bind/named.conf.options"; +include "/etc/bind/named.conf.local"; +include "/etc/bind/named.conf.default-zones"; + diff --git a/install/debian/12/clamav/clamd.conf b/install/debian/12/clamav/clamd.conf new file mode 100644 index 00000000..c636b6d3 --- /dev/null +++ b/install/debian/12/clamav/clamd.conf @@ -0,0 +1,61 @@ +#Automatically Generated by clamav-base postinst +#To reconfigure clamd run #dpkg-reconfigure clamav-base +#Please read /usr/share/doc/clamav-base/README.Debian.gz for details +LocalSocket /var/run/clamav/clamd.ctl +FixStaleSocket true +LocalSocketGroup clamav +LocalSocketMode 666 +# TemporaryDirectory is not set to its default /tmp here to make overriding +# the default with environment variables TMPDIR/TMP/TEMP possible +User clamav +# AllowSupplementaryGroups true +ScanMail true +ScanArchive true +ArchiveBlockEncrypted false +MaxDirectoryRecursion 15 +FollowDirectorySymlinks false +FollowFileSymlinks false +ReadTimeout 180 +MaxThreads 12 +MaxConnectionQueueLength 15 +LogSyslog false +LogFacility LOG_LOCAL6 +LogClean true +LogVerbose true +PidFile /var/run/clamav/clamd.pid +DatabaseDirectory /var/lib/clamav +SelfCheck 3600 +Foreground false +Debug false +ScanPE true +ScanOLE2 true +ScanHTML true +ExitOnOOM false +LeaveTemporaryFiles false +AlgorithmicDetection true +ScanELF true +IdleTimeout 30 +PhishingSignatures true +PhishingScanURLs true +PhishingAlwaysBlockSSLMismatch false +PhishingAlwaysBlockCloak false +DetectPUA false +ScanPartialMessages false +HeuristicScanPrecedence false +StructuredDataDetection false +CommandReadTimeout 5 +SendBufTimeout 200 +MaxQueue 100 +ExtendedDetectionInfo true +OLE2BlockMacros false +StreamMaxLength 2M +MaxFileSize 2M +LogFile /var/log/clamav/clamav.log +LogTime true +LogFileUnlock false +LogFileMaxSize 0 +Bytecode true +BytecodeSecurity TrustSigned +BytecodeTimeout 60000 +OfficialDatabaseOnly false +CrossFilesystems true diff --git a/install/debian/12/deb_signing.key b/install/debian/12/deb_signing.key new file mode 100644 index 00000000..d279abbd --- /dev/null +++ b/install/debian/12/deb_signing.key @@ -0,0 +1,41 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 +sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ +RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj +4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O +JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT +kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq +aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR +leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e +++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j +b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 +HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy +UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 +olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY +lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 +bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ +DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo +znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 +3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG +rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ +USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 +mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G +EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm +0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg +coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy +fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr +7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA +EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ +EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof +lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 +m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G +fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ +hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 +N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx +JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA +zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da +qiC8NLvRaE3PVkma9Q== +=RAbI +-----END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/12/dovecot/conf.d/10-auth.conf b/install/debian/12/dovecot/conf.d/10-auth.conf new file mode 100644 index 00000000..dfcc8311 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-auth.conf @@ -0,0 +1,4 @@ +disable_plaintext_auth = no +auth_verbose = yes +auth_mechanisms = plain login +!include auth-passwdfile.conf.ext diff --git a/install/debian/12/dovecot/conf.d/10-logging.conf b/install/debian/12/dovecot/conf.d/10-logging.conf new file mode 100644 index 00000000..a5f207d5 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-logging.conf @@ -0,0 +1 @@ +log_path = /var/log/dovecot.log diff --git a/install/debian/12/dovecot/conf.d/10-mail.conf b/install/debian/12/dovecot/conf.d/10-mail.conf new file mode 100644 index 00000000..55313419 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-mail.conf @@ -0,0 +1,4 @@ +mail_privileged_group = mail +mail_access_groups = mail +mail_location = maildir:%h/mail/%d/%n +pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/12/dovecot/conf.d/10-master.conf b/install/debian/12/dovecot/conf.d/10-master.conf new file mode 100644 index 00000000..a75a9aaa --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-master.conf @@ -0,0 +1,29 @@ +service imap-login { + inet_listener imap { + } + inet_listener imaps { + } +} + +service pop3-login { + inet_listener pop3 { + } + inet_listener pop3s { + } +} + + +service imap { +} + +service pop3 { +} + +service auth { + unix_listener auth-client { + group = mail + mode = 0660 + user = dovecot + } + user = dovecot +} diff --git a/install/debian/12/dovecot/conf.d/10-ssl.conf b/install/debian/12/dovecot/conf.d/10-ssl.conf new file mode 100644 index 00000000..3aaff6ee --- /dev/null +++ b/install/debian/12/dovecot/conf.d/10-ssl.conf @@ -0,0 +1,3 @@ +ssl = yes +ssl_cert = = 2.1.4) : %v.%u + # Dovecot v0.99.x : %v.%u + # tpop3d : %Mf + # + # Note that Outlook 2003 seems to have problems with %v.%u format which was + # Dovecot's default, so if you're building a new server it would be a good + # idea to change this. %08Xu%08Xv should be pretty fail-safe. + # + #pop3_uidl_format = %08Xu%08Xv + + # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes + # won't change those UIDLs. Currently this works only with Maildir. + #pop3_save_uidl = no + + # What to do about duplicate UIDLs if they exist? + # allow: Show duplicates to clients. + # rename: Append a temporary -2, -3, etc. counter after the UIDL. + #pop3_uidl_duplicates = allow + + # POP3 logout format string: + # %i - total number of bytes read from client + # %o - total number of bytes sent to client + # %t - number of TOP commands + # %p - number of bytes sent to client as a result of TOP command + # %r - number of RETR commands + # %b - number of bytes sent to client as a result of RETR command + # %d - number of deleted messages + # %m - number of messages (before deletion) + # %s - mailbox size in bytes (before deletion) + # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly + #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s + + # Maximum number of POP3 connections allowed for a user from each IP address. + # NOTE: The username is compared case-sensitively. + mail_max_userip_connections = 50 + + # Space separated list of plugins to load (default is global mail_plugins). + #mail_plugins = $mail_plugins + + # Workarounds for various client bugs: + # outlook-no-nuls: + # Outlook and Outlook Express hang if mails contain NUL characters. + # This setting replaces them with 0x80 character. + # oe-ns-eoh: + # Outlook Express and Netscape Mail breaks if end of headers-line is + # missing. This option simply sends it if it's missing. + # The list is space-separated. + #pop3_client_workarounds = +} diff --git a/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext new file mode 100644 index 00000000..75e6e115 --- /dev/null +++ b/install/debian/12/dovecot/conf.d/auth-passwdfile.conf.ext @@ -0,0 +1,9 @@ +passdb { + driver = passwd-file + args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd +} + +userdb { + driver = passwd-file + args = username_format=%n /etc/exim4/domains/%d/passwd +} diff --git a/install/debian/12/dovecot/dovecot.conf b/install/debian/12/dovecot/dovecot.conf new file mode 100644 index 00000000..0a855351 --- /dev/null +++ b/install/debian/12/dovecot/dovecot.conf @@ -0,0 +1,4 @@ +protocols = imap pop3 +listen = *, :: +base_dir = /var/run/dovecot/ +!include conf.d/*.conf diff --git a/install/debian/12/exim/deny_senders b/install/debian/12/exim/deny_senders new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/install/debian/12/exim/deny_senders @@ -0,0 +1 @@ + diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf new file mode 100644 index 00000000..279bafcd --- /dev/null +++ b/install/debian/12/exim/dnsbl.conf @@ -0,0 +1 @@ +bl.spamcop.net diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template new file mode 100644 index 00000000..15264797 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template @@ -0,0 +1,487 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + # if outbound, and forwarding has been done, use an alternate transport + domains = ! +local_domains + transport = ${if eq {$local_part@$domain} \ + {$original_local_part@$original_domain} \ + {remote_smtp} {remote_forwarded_smtp}} + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +inbound_srs: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which are converted to SRS, and decode them + condition = ${if inbound_srs {$local_part} {SRS_SECRET}} + data = $srs_recipient + +inbound_srs_failure: + driver = redirect + senders = : + domains = +local_domains + # detect inbound bounces which look converted to SRS but are invalid + condition = ${if inbound_srs {$local_part} {}} + allow_fail + data = :fail: Invalid SRS recipient address + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +remote_forwarded_smtp: + driver = smtp + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + # modify the envelope from, for mails that we forward + max_rcpt = 1 + return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs new file mode 100644 index 00000000..78eda468 --- /dev/null +++ b/install/debian/12/exim/exim4.conf.template.without-srs @@ -0,0 +1,451 @@ +###################################################################### +# # +# Exim configuration file for Vesta Control Panel # +# # +###################################################################### + +#SPAMASSASSIN = yes +#SPAM_SCORE = 50 +#CLAMD = yes + +disable_ipv6=true +add_environment=<; PATH=/bin:/usr/bin +keep_environment= +smtputf8_advertise_hosts = + +#local_interfaces = 0.0.0.0 +#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} +#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" + +domainlist local_domains = dsearch;/etc/exim4/domains/ +domainlist relay_to_domains = dsearch;/etc/exim4/domains/ +hostlist relay_from_hosts = 127.0.0.1 +hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf +hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf +no_local_from_check +untrusted_set_sender = * +acl_smtp_connect = acl_check_spammers +acl_smtp_mail = acl_check_mail +acl_smtp_rcpt = acl_check_rcpt +acl_smtp_data = acl_check_data +acl_smtp_mime = acl_check_mime + +LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 +LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 +LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 +LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 + +recipients_max = 150 +recipients_max_reject = true + +# log_selector = +smtp_connection +smtp_accept_max = 50 +smtp_accept_max_per_host = 4 + +.ifdef SPAMASSASSIN +spamd_address = 127.0.0.1 783 +.endif + +.ifdef CLAMD +av_scanner = clamd: /var/run/clamav/clamd.ctl +.endif + +tls_advertise_hosts = * +tls_certificate = /usr/local/vesta/ssl/certificate.crt +tls_privatekey = /usr/local/vesta/ssl/certificate.key + +daemon_smtp_ports = 25 : 465 : 587 : 2525 +tls_on_connect_ports = 465 +never_users = root +host_lookup = * +rfc1413_hosts = * +rfc1413_query_timeout = 0s +ignore_bounce_errors_after = 2d +timeout_frozen_after = 7d + +DKIM_DOMAIN = ${lc:${domain:$h_from:}} +DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem +DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} + + + +###################################################################### +# ACL CONFIGURATION # +# Specifies access control lists for incoming SMTP mail # +###################################################################### + +acl_not_smtp = acl_not_smtp + +begin acl + +acl_not_smtp: + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = yes + + accept + +acl_check_spammers: + accept hosts = +whitelist + + drop message = Your host in blacklist on this server. + log_message = Host in blacklist + hosts = +spammers + + accept + + +acl_check_mail: + deny condition = ${if eq{$sender_helo_name}{}} + message = HELO required before MAIL + + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} + condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} + delay = 45s + + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} + message = Access denied - Invalid HELO name (See RFC2821 4.1.3) + + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} + message = $interface_address is _my_ address + + accept + + +acl_check_rcpt: + accept hosts = : + + deny message = Too many recipients, limit is $acl_c_max_recipients recipients + set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} + condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} + + deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id + + warn ratelimit = 0 / 1h / strict / $authenticated_id + set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} + log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] + + warn set acl_m3 = no + + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + + deny message = Restricted characters in address + domains = +local_domains + local_parts = ^[.] : ^.*[@%!/|] + + deny message = Restricted characters in address + domains = !+local_domains + local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ + + require verify = sender + + accept hosts = +relay_from_hosts + control = submission + + accept authenticated = * + control = submission/domain= + + deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text + hosts = !+whitelist + dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} + + require message = relay not permitted + domains = +local_domains : +relay_to_domains + + deny message = smtp auth requried + sender_domains = +local_domains + !authenticated = * + + require verify = recipient + +.ifdef CLAMD + warn set acl_m0 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} + set acl_m0 = yes +.endif + +.ifdef SPAMASSASSIN + warn set acl_m1 = no + + warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} + set acl_m1 = yes +.endif + + accept + + +acl_check_data: + + deny senders = /etc/exim4/deny_senders + +.ifdef CLAMD + deny message = Message contains a virus ($malware_name) and has been rejected + malware = */defer_ok + condition = ${if eq{$acl_m0}{yes}{yes}{no}} +.endif + +.ifdef SPAMASSASSIN + warn !authenticated = * + hosts = !+relay_from_hosts + condition = ${if < {$message_size}{600K}} + condition = ${if eq{$acl_m1}{yes}{yes}{no}} + spam = nobody:true/defer_ok + add_header = X-Spam-Score: $spam_score_int + add_header = X-Spam-Bar: $spam_bar + add_header = X-Spam-Report: $spam_report + set acl_m2 = $spam_score_int + + warn condition = ${if !eq{$acl_m2}{} {yes}{no}} + condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} + add_header = X-Spam-Status: Yes + message = SpamAssassin detected spam (from $sender_address to $recipients). +.endif + + accept + + +acl_check_mime: + deny message = Blacklisted file extension detected + condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} + + accept + + + +###################################################################### +# AUTHENTICATION CONFIGURATION # +###################################################################### +begin authenticators + +dovecot_plain: + driver = dovecot + public_name = PLAIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + +dovecot_login: + driver = dovecot + public_name = LOGIN + server_socket = /var/run/dovecot/auth-client + server_set_id = $auth1 + + + +###################################################################### +# ROUTERS CONFIGURATION # +# Specifies how addresses are handled # +###################################################################### +begin routers + +#smarthost: +# driver = manualroute +# domains = ! +local_domains +# transport = remote_smtp +# route_list = * smartrelay.vestacp.com +# no_more +# no_verify + +dnslookup: + driver = dnslookup + domains = !+local_domains + transport = remote_smtp + no_more + +localuser_spam: + driver = accept + transport = local_spam_delivery + condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} + +userforward: + driver = redirect + check_local_user + file = $home/.forward + require_files = ${local_part}:+${home}/.forward + domains = +local_domains + allow_filter + no_verify + no_expn + check_ancestor + file_transport = address_file + pipe_transport = address_pipe + reply_transport = address_reply + +procmail: + driver = accept + check_local_user + require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail + transport = procmail + no_verify + +autoreplay: + driver = accept + require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg + condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} + retry_use_local_part + transport = userautoreply + unseen + +aliases: + driver = redirect + headers_add = X-redirected: yes + data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + require_files = /etc/exim4/domains/$domain/aliases + redirect_router = dnslookup + pipe_transport = address_pipe + unseen + +localuser_fwd_only: + driver = accept + transport = devnull + condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} + +localuser: + driver = accept + transport = local_delivery + condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} + +catchall: + driver = redirect + headers_add = X-redirected: yes + require_files = /etc/exim4/domains/$domain/aliases + data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} + file_transport = local_delivery + redirect_router = dnslookup + +terminate_alias: + driver = accept + transport = devnull + condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + + + +###################################################################### +# TRANSPORTS CONFIGURATION # +###################################################################### +begin transports + +remote_smtp: + driver = smtp + #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} + #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" + dkim_domain = DKIM_DOMAIN + dkim_selector = mail + dkim_private_key = DKIM_PRIVATE_KEY + dkim_canon = relaxed + dkim_strict = 0 + hosts_try_fastopen = + hosts_try_chunking = !93.188.3.0/24 + message_linelength_limit = 1G + +procmail: + driver = pipe + command = "/usr/bin/procmail -d $local_part" + return_path_add + delivery_date_add + envelope_to_add + user = $local_part + initgroups + return_output + +local_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_warn_threshold = 75% + +local_spam_delivery: + driver = appendfile + maildir_format + maildir_use_size_file + user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} + group = mail + create_directory + directory_mode = 770 + mode = 660 + use_lockfile = no + delivery_date_add + envelope_to_add + return_path_add + directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" + quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M + quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" + quota_warn_threshold = 75% + +address_pipe: + driver = pipe + return_output + +address_file: + driver = appendfile + delivery_date_add + envelope_to_add + return_path_add + +address_reply: + driver = autoreply + +userautoreply: + driver = autoreply + file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg + from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" + headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit + subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" + to = "${sender_address}" + +devnull: + driver = appendfile + file = /dev/null + + + +###################################################################### +# RETRY CONFIGURATION # +###################################################################### +begin retry + +# Address or Domain Error Retries +# ----------------- ----- ------- +* * F,2h,15m; G,16h,1h,1.5; F,4d,6h + + + +###################################################################### +# REWRITE CONFIGURATION # +###################################################################### +begin rewrite + + + +###################################################################### diff --git a/install/debian/12/exim/spam-blocks.conf b/install/debian/12/exim/spam-blocks.conf new file mode 100644 index 00000000..e69de29b diff --git a/install/debian/12/fail2ban/action.d/vesta.conf b/install/debian/12/fail2ban/action.d/vesta.conf new file mode 100644 index 00000000..0edfc349 --- /dev/null +++ b/install/debian/12/fail2ban/action.d/vesta.conf @@ -0,0 +1,9 @@ +# Fail2Ban configuration file for vesta + +[Definition] + +actionstart = /usr/local/vesta/bin/v-add-firewall-chain +actionstop = /usr/local/vesta/bin/v-delete-firewall-chain +actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' +actionban = /usr/local/vesta/bin/v-add-firewall-ban +actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/12/fail2ban/filter.d/vesta.conf b/install/debian/12/fail2ban/filter.d/vesta.conf new file mode 100644 index 00000000..36ec1001 --- /dev/null +++ b/install/debian/12/fail2ban/filter.d/vesta.conf @@ -0,0 +1,10 @@ +# Fail2Ban filter for unsuccessful Vesta authentication attempts +# + +[INCLUDES] +before = common.conf + +[Definition] +failregex = .* failed to login +ignoreregex = + diff --git a/install/debian/12/fail2ban/jail.local b/install/debian/12/fail2ban/jail.local new file mode 100644 index 00000000..eccea068 --- /dev/null +++ b/install/debian/12/fail2ban/jail.local @@ -0,0 +1,39 @@ +[ssh-iptables] +enabled = true +filter = sshd +action = vesta[name=SSH] +logpath = /var/log/auth.log +maxretry = 5 + +[vsftpd-iptables] +enabled = false +filter = vsftpd +action = vesta[name=FTP] +logpath = /var/log/vsftpd.log +maxretry = 5 + +[exim-iptables] +enabled = true +filter = exim +action = vesta[name=MAIL] +logpath = /var/log/exim4/mainlog + +[dovecot-iptables] +enabled = true +filter = dovecot +action = vesta[name=MAIL] +logpath = /var/log/dovecot.log + +[mysqld-iptables] +enabled = false +filter = mysqld-auth +action = vesta[name=DB] +logpath = /var/log/mysql.log +maxretry = 5 + +[vesta-iptables] +enabled = true +filter = vesta +action = vesta[name=VESTA] +logpath = /var/log/vesta/auth.log +maxretry = 5 diff --git a/install/debian/12/firewall/ports.conf b/install/debian/12/firewall/ports.conf new file mode 100644 index 00000000..b730d012 --- /dev/null +++ b/install/debian/12/firewall/ports.conf @@ -0,0 +1,17 @@ +PROTOCOL='TCP' PORT='20' +PROTOCOL='TCP' PORT='21' +PROTOCOL='TCP' PORT='22' +PROTOCOL='TCP' PORT='25' +PROTOCOL='TCP' PORT='53' +PROTOCOL='UDP' PORT='53' +PROTOCOL='TCP' PORT='80' +PROTOCOL='TCP' PORT='443' +PROTOCOL='TCP' PORT='110' +PROTOCOL='UDP' PORT='123' +PROTOCOL='TCP' PORT='143' +PROTOCOL='TCP' PORT='3306' +PROTOCOL='TCP' PORT='5432' +PROTOCOL='TCP' PORT='8080' +PROTOCOL='TCP' PORT='8433' +PROTOCOL='TCP' PORT='8083' +PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/12/firewall/rules.conf b/install/debian/12/firewall/rules.conf new file mode 100644 index 00000000..6da5a1c4 --- /dev/null +++ b/install/debian/12/firewall/rules.conf @@ -0,0 +1,11 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/12/logrotate/apache2 b/install/debian/12/logrotate/apache2 new file mode 100644 index 00000000..27629d0d --- /dev/null +++ b/install/debian/12/logrotate/apache2 @@ -0,0 +1,19 @@ +/var/log/apache2/*.log /var/log/apache2/domains/*log { + weekly + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 root adm + sharedscripts + postrotate + /etc/init.d/apache2 reload > /dev/null || true + [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` + endscript + prerotate + if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ + run-parts /etc/logrotate.d/httpd-prerotate; \ + fi; \ + endscript +} diff --git a/install/debian/12/logrotate/dovecot b/install/debian/12/logrotate/dovecot new file mode 100644 index 00000000..ac4fd6e9 --- /dev/null +++ b/install/debian/12/logrotate/dovecot @@ -0,0 +1,12 @@ +/var/log/dovecot*.log { + weekly + rotate 4 + missingok + notifempty + compress + delaycompress + sharedscripts + postrotate + doveadm log reopen + endscript +} diff --git a/install/debian/12/logrotate/nginx b/install/debian/12/logrotate/nginx new file mode 100644 index 00000000..d667f213 --- /dev/null +++ b/install/debian/12/logrotate/nginx @@ -0,0 +1,13 @@ +/var/log/nginx/*log /var/log/nginx/domains/*log { + daily + missingok + rotate 52 + compress + delaycompress + notifempty + create 640 nginx adm + sharedscripts + postrotate + [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` + endscript +} diff --git a/install/debian/12/logrotate/vesta b/install/debian/12/logrotate/vesta new file mode 100644 index 00000000..027a3439 --- /dev/null +++ b/install/debian/12/logrotate/vesta @@ -0,0 +1,7 @@ +/usr/local/vesta/log/*.log { + missingok + notifempty + size 30k + yearly + create 0600 root root +} diff --git a/install/debian/12/mysql/my-large.cnf b/install/debian/12/mysql/my-large.cnf new file mode 100644 index 00000000..b056c316 --- /dev/null +++ b/install/debian/12/mysql/my-large.cnf @@ -0,0 +1,51 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 256M +max_allowed_packet = 32M +table_open_cache = 256 +sort_buffer_size = 1M +read_buffer_size = 1M +read_rnd_buffer_size = 4M +myisam_sort_buffer_size = 64M +thread_cache_size = 8 +query_cache_size= 16M +thread_concurrency = 8 + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=200 +max_user_connections=50 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/mysql/my-medium.cnf b/install/debian/12/mysql/my-medium.cnf new file mode 100644 index 00000000..33aa04c2 --- /dev/null +++ b/install/debian/12/mysql/my-medium.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16M +max_allowed_packet = 16M +table_open_cache = 64 +sort_buffer_size = 512K +net_buffer_length = 8K +read_buffer_size = 256K +read_rnd_buffer_size = 512K +myisam_sort_buffer_size = 8M + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=70 +max_user_connections=30 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/mysql/my-small.cnf b/install/debian/12/mysql/my-small.cnf new file mode 100644 index 00000000..857f48ce --- /dev/null +++ b/install/debian/12/mysql/my-small.cnf @@ -0,0 +1,49 @@ +[client] +default-character-set=utf8mb4 +port=3306 +socket=/var/run/mysqld/mysqld.sock + +[mysqld_safe] +socket=/var/run/mysqld/mysqld.sock + +[mysql] +default-character-set=utf8mb4 + +[mysqld] +collation-server = utf8mb4_unicode_520_ci +init-connect='SET NAMES utf8mb4' +character-set-server = utf8mb4 +user=mysql +pid-file=/var/run/mysqld/mysqld.pid +socket=/var/run/mysqld/mysqld.sock +port=3306 +basedir=/usr +datadir=/var/lib/mysql +tmpdir=/tmp +lc-messages-dir=/usr/share/mysql +log_error=/var/log/mysql/error.log + +symbolic-links=0 + +skip-external-locking +key_buffer_size = 16K +max_allowed_packet = 1M +table_open_cache = 4 +sort_buffer_size = 64K +read_buffer_size = 256K +read_rnd_buffer_size = 256K +net_buffer_length = 2K +thread_stack = 240K + +#innodb_use_native_aio = 0 +innodb_file_per_table + +max_connections=30 +max_user_connections=20 +wait_timeout=10 +interactive_timeout=50 +long_query_time=5 + +sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION + +!includedir /etc/mysql/conf.d/ diff --git a/install/debian/12/nginx/nginx.conf b/install/debian/12/nginx/nginx.conf new file mode 100644 index 00000000..6efe2337 --- /dev/null +++ b/install/debian/12/nginx/nginx.conf @@ -0,0 +1,140 @@ +# Server globals +user www-data; +worker_processes auto; +worker_rlimit_nofile 65535; +timer_resolution 50ms; #In order to free some CPU cycles +error_log /var/log/nginx/error.log crit; +pid /var/run/nginx.pid; + + +# Worker config +events { + worker_connections 1024; + use epoll; + multi_accept on; +} + + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 1m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + #access_log /var/log/nginx/access.log main; + access_log off; + + + # Mime settings + include /etc/nginx/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; + gzip_proxied any; + gzip_disable "MSIE [1-6]\."; + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 900; + proxy_send_timeout 900; + proxy_read_timeout 900; + proxy_buffer_size 128k; + proxy_buffers 4 256k; + proxy_busy_buffers_size 256k; + + + # Cloudflare https://www.cloudflare.com/ips + set_real_ip_from 173.245.48.0/20; + set_real_ip_from 103.21.244.0/22; + set_real_ip_from 103.22.200.0/22; + set_real_ip_from 103.31.4.0/22; + set_real_ip_from 104.16.0.0/13; + set_real_ip_from 104.24.0.0/14; + set_real_ip_from 141.101.64.0/18; + set_real_ip_from 108.162.192.0/18; + set_real_ip_from 190.93.240.0/20; + set_real_ip_from 188.114.96.0/20; + set_real_ip_from 197.234.240.0/22; + set_real_ip_from 198.41.128.0/17; + set_real_ip_from 162.158.0.0/15; + set_real_ip_from 172.64.0.0/13; + set_real_ip_from 131.0.72.0/22; + set_real_ip_from 2400:cb00::/32; + set_real_ip_from 2606:4700::/32; + set_real_ip_from 2803:f800::/32; + set_real_ip_from 2405:b500::/32; + set_real_ip_from 2405:8100::/32; + set_real_ip_from 2a06:98c0::/29; + set_real_ip_from 2c0f:f248::/32; + real_ip_header CF-Connecting-IP; + + + # SSL PCI Compliance + ssl_session_cache shared:SSL:10m; + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; + + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Cache settings + proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; + proxy_cache_key "$host$request_uri $cookie_user"; + proxy_temp_path /var/cache/nginx/temp; + proxy_ignore_headers Expires Cache-Control; + proxy_cache_use_stale error timeout invalid_header http_502; + proxy_cache_valid any 1d; + + + # Cache bypass + map $http_cookie $no_cache { + default 0; + ~SESS 1; + ~wordpress_logged_in 1; + } + + + # File cache settings + open_file_cache max=10000 inactive=30s; + open_file_cache_valid 60s; + open_file_cache_min_uses 2; + open_file_cache_errors off; + + + # Wildcard include + include /etc/nginx/conf.d/*.conf; +} diff --git a/install/debian/12/nginx/phpmyadmin.inc b/install/debian/12/nginx/phpmyadmin.inc new file mode 100644 index 00000000..cdfc93c4 --- /dev/null +++ b/install/debian/12/nginx/phpmyadmin.inc @@ -0,0 +1,18 @@ +location /phpmyadmin { + alias /usr/share/phpmyadmin; + + location ~ /(libraries|setup) { + return 404; + } + + location ~ ^/phpmyadmin/(.*\.php)$ { + alias /usr/share/phpmyadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { + root /usr/share/; + } +} diff --git a/install/debian/12/nginx/phppgadmin.inc b/install/debian/12/nginx/phppgadmin.inc new file mode 100644 index 00000000..47cfcf4e --- /dev/null +++ b/install/debian/12/nginx/phppgadmin.inc @@ -0,0 +1,11 @@ +location /phppgadmin { + alias /usr/share/phppgadmin; + + location ~ ^/phppgadmin/(.*\.php)$ { + alias /usr/share/phppgadmin/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/12/nginx/status.conf b/install/debian/12/nginx/status.conf new file mode 100644 index 00000000..c0bcd069 --- /dev/null +++ b/install/debian/12/nginx/status.conf @@ -0,0 +1,9 @@ +server { + listen 127.0.0.1:8084 default; + server_name _; + server_name_in_redirect off; + location / { + stub_status on; + access_log off; + } +} diff --git a/install/debian/12/nginx/webmail.inc b/install/debian/12/nginx/webmail.inc new file mode 100644 index 00000000..768c9049 --- /dev/null +++ b/install/debian/12/nginx/webmail.inc @@ -0,0 +1,15 @@ +location /webmail { + alias /var/lib/roundcube; + + location ~ /(config|temp|logs) { + return 404; + } + + location ~ ^/webmail/(.*\.php)$ { + alias /var/lib/roundcube/$1; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $request_filename; + } +} diff --git a/install/debian/12/packages/default.pkg b/install/debian/12/packages/default.pkg new file mode 100644 index 00000000..cd1cbba1 --- /dev/null +++ b/install/debian/12/packages/default.pkg @@ -0,0 +1,18 @@ +WEB_TEMPLATE='PHP-FPM-82' +PROXY_TEMPLATE='hosting' +DNS_TEMPLATE='default' +WEB_DOMAINS='unlimited' +WEB_ALIASES='unlimited' +DNS_DOMAINS='unlimited' +DNS_RECORDS='unlimited' +MAIL_DOMAINS='unlimited' +MAIL_ACCOUNTS='unlimited' +DATABASES='unlimited' +CRON_JOBS='unlimited' +DISK_QUOTA='unlimited' +BANDWIDTH='unlimited' +NS='YOURHOSTNAME1,YOURHOSTNAME2' +SHELL='nologin' +BACKUPS='2' +TIME='18:00:00' +DATE='2017-12-28' diff --git a/install/debian/12/pga/config.inc.php b/install/debian/12/pga/config.inc.php new file mode 100644 index 00000000..1eec9776 --- /dev/null +++ b/install/debian/12/pga/config.inc.php @@ -0,0 +1,159 @@ + diff --git a/install/debian/12/pga/phppgadmin.conf b/install/debian/12/pga/phppgadmin.conf new file mode 100644 index 00000000..f39247d6 --- /dev/null +++ b/install/debian/12/pga/phppgadmin.conf @@ -0,0 +1,31 @@ +Alias /phppgadmin /usr/share/phppgadmin + + + +DirectoryIndex index.php +AllowOverride None + +order deny,allow +deny from all +allow from 127.0.0.0/255.0.0.0 ::1/128 +allow from all + + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_value include_path . + + + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + AddType application/x-httpd-php .php + Action application/x-httpd-php /cgi-bin/php + + + + + diff --git a/install/debian/12/php-fpm/www.conf b/install/debian/12/php-fpm/www.conf new file mode 100644 index 00000000..3c87f33c --- /dev/null +++ b/install/debian/12/php-fpm/www.conf @@ -0,0 +1,11 @@ +[www] +listen = 127.0.0.1:9000 +listen.allowed_clients = 127.0.0.1 + +user = www-data +group = www-data + +pm = ondemand +pm.max_children = 2 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s diff --git a/install/debian/12/php/php7.3-dedi.patch b/install/debian/12/php/php7.3-dedi.patch new file mode 100644 index 00000000..c044e002 --- /dev/null +++ b/install/debian/12/php/php7.3-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.3-vps.patch b/install/debian/12/php/php7.3-vps.patch new file mode 100644 index 00000000..803b93e8 --- /dev/null +++ b/install/debian/12/php/php7.3-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 ++++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 +@@ -312,7 +312,8 @@ + ; This directive allows you to disable certain functions for security reasons. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes for security reasons. + ; It receives a comma-delimited list of class names. +@@ -399,11 +400,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume (128MB) + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -690,7 +691,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -842,7 +843,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1087,7 +1088,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1791,20 +1792,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.4-dedi.patch b/install/debian/12/php/php7.4-dedi.patch new file mode 100644 index 00000000..3e5bd2fb --- /dev/null +++ b/install/debian/12/php/php7.4-dedi.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=2048 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/php/php7.4-vps.patch b/install/debian/12/php/php7.4-vps.patch new file mode 100644 index 00000000..7c52d402 --- /dev/null +++ b/install/debian/12/php/php7.4-vps.patch @@ -0,0 +1,78 @@ +--- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 ++++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 +@@ -309,7 +309,8 @@ + ; This directive allows you to disable certain functions. + ; It receives a comma-delimited list of function names. + ; http://php.net/disable-functions +-disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen + + ; This directive allows you to disable certain classes. + ; It receives a comma-delimited list of class names. +@@ -402,11 +403,11 @@ + ;max_input_nesting_level = 64 + + ; How many GET/POST/COOKIE input variables may be accepted +-;max_input_vars = 1000 ++max_input_vars = 6000 + + ; Maximum amount of memory a script may consume + ; http://php.net/memory-limit +-memory_limit = 128M ++memory_limit = 256M + + ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + ; Error handling and logging ; +@@ -691,7 +692,7 @@ + ; Its value may be 0 to disable the limit. It is ignored if POST data reading + ; is disabled through enable_post_data_reading. + ; http://php.net/post-max-size +-post_max_size = 8M ++post_max_size = 60M + + ; Automatically add files before PHP document. + ; http://php.net/auto-prepend-file +@@ -843,7 +844,7 @@ + + ; Maximum allowed size for uploaded files. + ; http://php.net/upload-max-filesize +-upload_max_filesize = 2M ++upload_max_filesize = 50M + + ; Maximum number of files that can be uploaded via a single request + max_file_uploads = 20 +@@ -1089,7 +1090,7 @@ + + ; The path to a log file that will log all mail() calls. Log entries include + ; the full path of the script, line number, To address and headers. +-;mail.log = ++mail.log = /var/log/php-mail.log + ; Log mail to syslog (Event Log on Windows). + ;mail.log = syslog + +@@ -1766,20 +1767,20 @@ + + [opcache] + ; Determines if Zend OPCache is enabled +-;opcache.enable=1 ++opcache.enable=1 + + ; Determines if Zend OPCache is enabled for the CLI version of PHP +-;opcache.enable_cli=0 ++opcache.enable_cli=0 + + ; The OPcache shared memory storage size. +-;opcache.memory_consumption=128 ++opcache.memory_consumption=512 + + ; The amount of memory for interned strings in Mbytes. + ;opcache.interned_strings_buffer=8 + + ; The maximum number of keys (scripts) in the OPcache hash table. + ; Only numbers between 200 and 1000000 are allowed. +-;opcache.max_accelerated_files=10000 ++opcache.max_accelerated_files=100000 + + ; The maximum percentage of "wasted" memory until a restart is scheduled. + ;opcache.max_wasted_percentage=5 diff --git a/install/debian/12/pma/apache.conf b/install/debian/12/pma/apache.conf new file mode 100644 index 00000000..2a8f69e2 --- /dev/null +++ b/install/debian/12/pma/apache.conf @@ -0,0 +1,42 @@ +# phpMyAdmin default Apache configuration + +Alias /phpmyadmin /usr/share/phpmyadmin + + + Options FollowSymLinks + DirectoryIndex index.php + + + AddType application/x-httpd-php .php + + php_flag magic_quotes_gpc Off + php_flag track_vars On + php_flag register_globals Off + php_admin_flag allow_url_fopen Off + php_value include_path . + php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp + php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext + + + + +# Authorize for setup + + + AuthType Basic + AuthName "phpMyAdmin Setup" + AuthUserFile /etc/phpmyadmin/htpasswd.setup + + Require valid-user + + +# Disallow web access to directories that don't need it + + Order Deny,Allow + Deny from All + + + Order Deny,Allow + Deny from All + + diff --git a/install/debian/12/pma/config.inc.php b/install/debian/12/pma/config.inc.php new file mode 100644 index 00000000..eafc6d67 --- /dev/null +++ b/install/debian/12/pma/config.inc.php @@ -0,0 +1,146 @@ +> $pmapath1 +sed -i '/savedsearches/d' $pmapath1 +sed -i '/navigationhiding/d' $pmapath1 +sed -i '/users/d' $pmapath1 +sed -i '/controlpass/d' $pmapath1 +sed -i '/favorite/d' $pmapath1 +sed -i '/usergroups/d' $pmapath1 +sed -i '/central_columns/d' $pmapath1 +sed -i '/designer_settings/d' $pmapath1 +sed -i '/export_templates/d' $pmapath1 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 + +sed -i '/pmadb/d' $pmapath2 +sed -i '/controluser/d' $pmapath2 +sed -i '/bookmarktable/d' $pmapath2 +sed -i '/relation/d' $pmapath2 +sed -i '/userconfig/d' $pmapath2 +sed -i '/table_info/d' $pmapath2 +sed -i '/column_info/d' $pmapath2 +sed -i '/history/d' $pmapath2 +sed -i '/recent/d' $pmapath2 +sed -i '/table_uiprefs/d' $pmapath2 +sed -i '/tracking/d' $pmapath2 +sed -i '/table_coords/d' $pmapath2 +sed -i '/pdf_pages/d' $pmapath2 +sed -i '/designer_coords/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/savedsearches/d' $pmapath2 +sed -i '/navigationhiding/d' $pmapath2 +sed -i '/users/d' $pmapath2 +sed -i '/controlpass/d' $pmapath2 +sed -i '/favorite/d' $pmapath2 +sed -i '/usergroups/d' $pmapath2 +sed -i '/central_columns/d' $pmapath2 +sed -i '/designer_settings/d' $pmapath2 +sed -i '/export_templates/d' $pmapath2 +echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 +echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 + +#SOME WORK with DATABASE (table / user) +PMADB=phpmyadmin +PMAUSER=pma + +#DROP USER and TABLE +mysql -uroot < + VRootEngine on + VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf + + +AuthPAMConfig proftpd +AuthOrder mod_auth_pam.c* mod_auth_unix.c +UseReverseDNS off +User proftpd +Group nogroup +MaxInstances 100 +UseSendfile off +LogFormat default "%h %l %u %t \"%r\" %s %b" +LogFormat auth "%v [%P] %h %t \"%r\" %s" +ListOptions -a +RequireValidShell off +PassivePorts 12000 12100 +TransferLog /var/log/proftpd/xferlog +SystemLog /var/log/proftpd/proftpd.log + + + Umask 002 + + IdentLookups off + + AllowOverwrite yes + + AllowAll + + diff --git a/install/debian/12/proftpd/tls.conf b/install/debian/12/proftpd/tls.conf new file mode 100644 index 00000000..9da0017b --- /dev/null +++ b/install/debian/12/proftpd/tls.conf @@ -0,0 +1,63 @@ +# +# Proftpd sample configuration for FTPS connections. +# +# Note that FTPS impose some limitations in NAT traversing. +# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html +# for more information. +# + + # If mod_tls was built as a shared/DSO module, load it + LoadModule mod_tls.c + + +TLSEngine on +TLSLog /var/log/proftpd/tls.log +# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 +TLSProtocol TLSv1.1 TLSv1.2 +# +# Server SSL certificate. You can generate a self-signed certificate using +# a command like: +# +# openssl req -x509 -newkey rsa:1024 \ +# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ +# -nodes -days 365 +# +# The proftpd.key file must be readable by root only. The other file can be +# readable by anyone. +# +# chmod 0600 /etc/ssl/private/proftpd.key +# chmod 0640 /etc/ssl/private/proftpd.key +# +TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt +TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key +# +# CA the server trusts... +#TLSCACertificateFile /etc/ssl/certs/CA.pem +# ...or avoid CA cert and be verbose +#TLSOptions NoCertRequest EnableDiags +# ... or the same with relaxed session use for some clients (e.g. FireFtp) +#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired +# +# +# Per default drop connection if client tries to start a renegotiate +# This is a fix for CVE-2009-3555 but could break some clients. +# +#TLSOptions AllowClientRenegotiations +# +TLSOptions NoSessionReuseRequired AllowClientRenegotiations +# Authenticate clients that want to use FTP over TLS? +# +#TLSVerifyClient off +# +# Are clients required to use FTP over TLS when talking to this server? +# +TLSRequired off +# +# Allow SSL/TLS renegotiations when the client requests them, but +# do not force the renegotations. Some clients do not support +# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these +# clients will close the data connection, or there will be a timeout +# on an idle data connection. +# +TLSRenegotiate required off + diff --git a/install/debian/12/roundcube/apache.conf b/install/debian/12/roundcube/apache.conf new file mode 100644 index 00000000..a0c87bcc --- /dev/null +++ b/install/debian/12/roundcube/apache.conf @@ -0,0 +1,40 @@ +Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ +Alias /roundcube /var/lib/roundcube +Alias /webmail /var/lib/roundcube + +# Access to tinymce files + + Options Indexes MultiViews FollowSymLinks + AllowOverride None + Order allow,deny + allow from all + + + + Options +FollowSymLinks + # This is needed to parse /var/lib/roundcube/.htaccess. See its + # content before setting AllowOverride to None. + AllowOverride All + order allow,deny + allow from all + + +# Protecting basic directories: + + Options -FollowSymLinks + AllowOverride None + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + + + + Options -FollowSymLinks + AllowOverride None + Order allow,deny + Deny from all + diff --git a/install/debian/12/roundcube/config.inc.php b/install/debian/12/roundcube/config.inc.php new file mode 100644 index 00000000..0c82b1bc --- /dev/null +++ b/install/debian/12/roundcube/config.inc.php @@ -0,0 +1,33 @@ + diff --git a/install/debian/12/roundcube/main.inc.php b/install/debian/12/roundcube/main.inc.php new file mode 100644 index 00000000..91f32000 --- /dev/null +++ b/install/debian/12/roundcube/main.inc.php @@ -0,0 +1,850 @@ +/sendmail or to syslog +$rcmail_config['smtp_log'] = true; + +// Log successful logins to /userlogins or to syslog +$rcmail_config['log_logins'] = false; + +// Log session authentication errors to /session or to syslog +$rcmail_config['log_session'] = false; + +// Log SQL queries to /sql or to syslog +$rcmail_config['sql_debug'] = false; + +// Log IMAP conversation to /imap or to syslog +$rcmail_config['imap_debug'] = false; + +// Log LDAP conversation to /ldap or to syslog +$rcmail_config['ldap_debug'] = false; + +// Log SMTP conversation to /smtp or to syslog +$rcmail_config['smtp_debug'] = false; + +// ---------------------------------- +// IMAP +// ---------------------------------- + +// the mail host chosen to perform the log-in +// leave blank to show a textbox at login, give a list of hosts +// to display a pulldown menu or set one host as string. +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// Supported replacement variables: +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %s - domain name after the '@' from e-mail address provided at login screen +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['default_host'] = 'localhost'; + +// TCP port used for IMAP connections +$rcmail_config['default_port'] = 143; + +// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['imap_auth_type'] = null; + +// If you know your imap's folder delimiter, you can specify it here. +// Otherwise it will be determined automatically +$rcmail_config['imap_delimiter'] = null; + +// If IMAP server doesn't support NAMESPACE extension, but you're +// using shared folders or personal root folder is non-empty, you'll need to +// set these options. All can be strings or arrays of strings. +// Folders need to be ended with directory separator, e.g. "INBOX." +// (special directory "~" is an exception to this rule) +// These can be used also to overwrite server's namespaces +$rcmail_config['imap_ns_personal'] = null; +$rcmail_config['imap_ns_other'] = null; +$rcmail_config['imap_ns_shared'] = null; + +// By default IMAP capabilities are readed after connection to IMAP server +// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list +// after login. Set to True if you've got this case. +$rcmail_config['imap_force_caps'] = false; + +// By default list of subscribed folders is determined using LIST-EXTENDED +// extension if available. Some servers (dovecot 1.x) returns wrong results +// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 +// Enable this option to force LSUB command usage instead. +$rcmail_config['imap_force_lsub'] = false; + +// Some server configurations (e.g. Courier) doesn't list folders in all namespaces +// Enable this option to force listing of folders in all namespaces +$rcmail_config['imap_force_ns'] = false; + +// IMAP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['imap_timeout'] = 0; + +// Optional IMAP authentication identifier to be used as authorization proxy +$rcmail_config['imap_auth_cid'] = null; + +// Optional IMAP authentication password to be used for imap_auth_cid +$rcmail_config['imap_auth_pw'] = null; + +// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. +$rcmail_config['imap_cache'] = null; + +// Enables messages cache. Only 'db' cache is supported. +$rcmail_config['messages_cache'] = false; + + +// ---------------------------------- +// SMTP +// ---------------------------------- + +// SMTP server host (for sending mails). +// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// +// If left blank, the PHP mail() function is used +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['smtp_server'] = ''; + +// SMTP port (default is 25; use 587 for STARTTLS or 465 for the +// deprecated SSL over SMTP (aka SMTPS)) +$rcmail_config['smtp_port'] = 25; + +// SMTP username (if required) if you use %u as the username Roundcube +// will use the current username for login +$rcmail_config['smtp_user'] = ''; + +// SMTP password (if required) if you use %p as the password Roundcube +// will use the current user's password for login +$rcmail_config['smtp_pass'] = ''; + +// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use +// best server supported one) +$rcmail_config['smtp_auth_type'] = ''; + +// Optional SMTP authentication identifier to be used as authorization proxy +$rcmail_config['smtp_auth_cid'] = null; + +// Optional SMTP authentication password to be used for smtp_auth_cid +$rcmail_config['smtp_auth_pw'] = null; + +// SMTP HELO host +// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages +// Leave this blank and you will get the server variable 'server_name' or +// localhost if that isn't defined. +$rcmail_config['smtp_helo_host'] = ''; + +// SMTP connection timeout, in seconds. Default: 0 (no limit) +$rcmail_config['smtp_timeout'] = 0; + +// ---------------------------------- +// SYSTEM +// ---------------------------------- +include_once("/etc/roundcube/debian-db-roundcube.php"); + + +// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. +// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! +$rcmail_config['enable_installer'] = false; + +// provide an URL where a user can get support for this Roundcube installation +// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! +$rcmail_config['support_url'] = ''; + +// replace Roundcube logo with this image +// specify an URL relative to the document root of this Roundcube installation +$rcmail_config['skin_logo'] = null; + +// automatically create a new Roundcube user when log-in the first time. +// a new user will be created once the IMAP login succeeds. +// set to false if only registered users can use this service +$rcmail_config['auto_create_user'] = true; + +// use this folder to store log files (must be writeable for apache user) +// This is used by the 'file' log driver. +$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; + +// use this folder to store temp files (must be writeable for apache user) +$rcmail_config['temp_dir'] = '/tmp'; + +// lifetime of message cache +// possible units: s, m, h, d, w +$rcmail_config['message_cache_lifetime'] = '10d'; + +// enforce connections over https +// with this option enabled, all non-secure connections will be redirected. +// set the port for the ssl connection as value of this option if it differs from the default 443 +$rcmail_config['force_https'] = true; + +// tell PHP that it should work as under secure connection +// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) +// e.g. when you're running Roundcube behind a https proxy +// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. +$rcmail_config['use_https'] = false; + +// Allow browser-autocompletion on login form. +// 0 - disabled, 1 - username and host only, 2 - username, host, password +$rcmail_config['login_autocomplete'] = 0; + +// Forces conversion of logins to lower case. +// 0 - disabled, 1 - only domain part, 2 - domain and local part. +// If users authentication is not case-sensitive this must be enabled. +// After enabling it all user records need to be updated, e.g. with query: +// UPDATE users SET username = LOWER(username); +$rcmail_config['login_lc'] = 0; + +// Includes should be interpreted as PHP files +$rcmail_config['skin_include_php'] = false; + +// display software version on login screen +$rcmail_config['display_version'] = false; + +// Session lifetime in minutes +// must be greater than 'keep_alive'/60 +$rcmail_config['session_lifetime'] = 10; + +// session domain: .example.org +$rcmail_config['session_domain'] = ''; + +// session name. Default: 'roundcube_sessid' +$rcmail_config['session_name'] = null; + +// Backend to use for session storage. Can either be 'db' (default) or 'memcache' +// If set to memcache, a list of servers need to be specified in 'memcache_hosts' +// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed +$rcmail_config['session_storage'] = 'db'; + +// Use these hosts for accessing memcached +// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file +$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); + +// check client IP in session athorization +$rcmail_config['ip_check'] = false; + +// check referer of incoming requests +$rcmail_config['referer_check'] = false; + +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_config['x_frame_options'] = 'sameorigin'; + +// this key is used to encrypt the users imap password which is stored +// in the session record (and the client cookie if remember password is enabled). +// please provide a string of exactly 24 chars. +$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; + +// Automatically add this domain to user names for login +// Only for IMAP servers that require full e-mail addresses for login +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['username_domain'] = ''; + +// This domain will be used to form e-mail addresses of new users +// Specify an array with 'host' => 'domain' values to support multiple hosts +// Supported replacement variables: +// %h - user's IMAP hostname +// %n - http hostname ($_SERVER['SERVER_NAME']) +// %d - domain (http hostname without the first part) +// %z - IMAP domain (IMAP hostname without the first part) +// For example %n = mail.domain.tld, %d = domain.tld +$rcmail_config['mail_domain'] = ''; + +// Password charset. +// Use it if your authentication backend doesn't support UTF-8. +// Defaults to ISO-8859-1 for backward compatibility +$rcmail_config['password_charset'] = 'ISO-8859-1'; + +// How many seconds must pass between emails sent by a user +$rcmail_config['sendmail_delay'] = 0; + +// Maximum number of recipients per message. Default: 0 (no limit) +$rcmail_config['max_recipients'] = 0; + +// Maximum allowednumber of members of an address group. Default: 0 (no limit) +// If 'max_recipients' is set this value should be less or equal +$rcmail_config['max_group_members'] = 0; + +// add this user-agent to message headers when sending +$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; + +// use this name to compose page titles +$rcmail_config['product_name'] = 'Roundcube Webmail'; + +// try to load host-specific configuration +// see http://trac.roundcube.net/wiki/Howto_Config for more details +$rcmail_config['include_host_config'] = false; + +// path to a text file which will be added to each sent message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer'] = ''; + +// path to a text file which will be added to each sent HTML message +// paths are relative to the Roundcube root folder +$rcmail_config['generic_message_footer_html'] = ''; + +// add a received header to outgoing mails containing the creators IP and hostname +$rcmail_config['http_received_header'] = false; + +// Whether or not to encrypt the IP address and the host name +// these could, in some circles, be considered as sensitive information; +// however, for the administrator, these could be invaluable help +// when tracking down issues. +$rcmail_config['http_received_header_encrypt'] = false; + +// This string is used as a delimiter for message headers when sending +// a message via mail() function. Leave empty for auto-detection +$rcmail_config['mail_header_delimiter'] = NULL; + +// number of chars allowed for line when wrapping text. +// text wrapping is done when composing/sending messages +$rcmail_config['line_length'] = 72; + +// send plaintext messages as format=flowed +$rcmail_config['send_format_flowed'] = true; + +// don't allow these settings to be overriden by the user +$rcmail_config['dont_override'] = array(); + +// Set identities access level: +// 0 - many identities with possibility to edit all params +// 1 - many identities with possibility to edit all params but not email address +// 2 - one identity with possibility to edit all params +// 3 - one identity with possibility to edit all params but not email address +$rcmail_config['identities_level'] = 0; + +// Mimetypes supported by the browser. +// attachments of these types will open in a preview window +// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' +$rcmail_config['client_mimetypes'] = null; # null == default + +// mime magic database +$rcmail_config['mime_magic'] = null; + +// path to imagemagick identify binary +$rcmail_config['im_identify_path'] = null; + +// path to imagemagick convert binary +$rcmail_config['im_convert_path'] = null; + +// maximum size of uploaded contact photos in pixel +$rcmail_config['contact_photo_size'] = 160; + +// Enable DNS checking for e-mail address validation +$rcmail_config['email_dns_check'] = false; + +// ---------------------------------- +// PLUGINS +// ---------------------------------- + +// List of active plugins (in plugins/ directory) +$rcmail_config['plugins'] = array('password'); + +// ---------------------------------- +// USER INTERFACE +// ---------------------------------- + +// default messages sort column. Use empty value for default server's sorting, +// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' +$rcmail_config['message_sort_col'] = ''; + +// default messages sort order +$rcmail_config['message_sort_order'] = 'DESC'; + +// These cols are shown in the message list. Available cols are: +// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' +$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); + +// the default locale setting (leave empty for auto-detection) +// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR +$rcmail_config['language'] = null; + +// use this format for date display (date or strftime format) +$rcmail_config['date_format'] = 'Y-m-d'; + +// give this choice of date formats to the user to select from +$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); + +// use this format for time display (date or strftime format) +$rcmail_config['time_format'] = 'H:i'; + +// give this choice of time formats to the user to select from +$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); + +// use this format for short date display (derived from date_format and time_format) +$rcmail_config['date_short'] = 'D H:i'; + +// use this format for detailed date/time formatting (derived from date_format and time_format) +$rcmail_config['date_long'] = 'Y-m-d H:i'; + +// store draft message is this mailbox +// leave blank if draft messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['drafts_mbox'] = 'Drafts'; + +// store spam messages in this mailbox +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['junk_mbox'] = 'Spam'; + +// store sent message is this mailbox +// leave blank if sent messages should not be stored +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['sent_mbox'] = 'Sent'; + +// move messages to this folder when deleting them +// leave blank if they should be deleted directly +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['trash_mbox'] = 'Trash'; + +// display these folders separately in the mailbox list. +// these folders will also be displayed with localized names +// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) +$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); +$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); + +// automatically create the above listed default folders on first login +$rcmail_config['create_default_folders'] = true; + +// protect the default folders from renames, deletes, and subscription changes +$rcmail_config['protect_default_folders'] = true; + +// if in your system 0 quota means no limit set this option to true +$rcmail_config['quota_zero_as_unlimited'] = false; + +// Make use of the built-in spell checker. It is based on GoogieSpell. +// Since Google only accepts connections over https your PHP installatation +// requires to be compiled with Open SSL support +$rcmail_config['enable_spellcheck'] = true; + +// Enables spellchecker exceptions dictionary. +// Setting it to 'shared' will make the dictionary shared by all users. +$rcmail_config['spellcheck_dictionary'] = false; + +// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, +// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. +$rcmail_config['spellcheck_engine'] = 'googie'; + +// For a locally installed Nox Spell Server, please specify the URI to call it. +// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 +// Leave empty to use the Google spell checking service, what means +// that the message content will be sent to Google in order to check spelling +$rcmail_config['spellcheck_uri'] = ''; + +// These languages can be selected for spell checking. +// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); +// Leave empty for default set of available language. +$rcmail_config['spellcheck_languages'] = NULL; + +// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) +$rcmail_config['spellcheck_ignore_caps'] = false; + +// Makes that words with numbers will be ignored (e.g. g00gle) +$rcmail_config['spellcheck_ignore_nums'] = false; + +// Makes that words with symbols will be ignored (e.g. g@@gle) +$rcmail_config['spellcheck_ignore_syms'] = false; + +// Use this char/string to separate recipients when composing a new message +$rcmail_config['recipients_separator'] = ','; + +// don't let users set pagesize to more than this value if set +$rcmail_config['max_pagesize'] = 200; + +// Minimal value of user's 'keep_alive' setting (in seconds) +// Must be less than 'session_lifetime' +$rcmail_config['min_keep_alive'] = 60; + +// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. +// By default refresh time is set to 1 second. You can set this value to true +// or any integer value indicating number of seconds. +$rcmail_config['upload_progress'] = false; + +// Specifies for how many seconds the Undo button will be available +// after object delete action. Currently used with supporting address book sources. +// Setting it to 0, disables the feature. +$rcmail_config['undo_timeout'] = 0; + +// ---------------------------------- +// ADDRESSBOOK SETTINGS +// ---------------------------------- + +// This indicates which type of address book to use. Possible choises: +// 'sql' (default) and 'ldap'. +// If set to 'ldap' then it will look at using the first writable LDAP +// address book as the primary address book and it will not display the +// SQL address book in the 'Address Book' view. +$rcmail_config['address_book_type'] = 'sql'; + +// In order to enable public ldap search, configure an array like the Verisign +// example further below. if you would like to test, simply uncomment the example. +// Array key must contain only safe characters, ie. a-zA-Z0-9_ +$rcmail_config['ldap_public'] = array(); + +// If you are going to use LDAP for individual address books, you will need to +// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. +// +// The recommended directory structure for LDAP is to store all the address book entries +// under the users main entry, e.g.: +// +// o=root +// ou=people +// uid=user@domain +// mail=contact@contactdomain +// +// So the base_dn would be uid=%fu,ou=people,o=root +// The bind_dn would be the same as based_dn or some super user login. +/* + * example config for Verisign directory + * +$rcmail_config['ldap_public']['Verisign'] = array( + 'name' => 'Verisign.com', + // Replacement variables supported in host names: + // %h - user's IMAP hostname + // %n - http hostname ($_SERVER['SERVER_NAME']) + // %d - domain (http hostname without the first part) + // %z - IMAP domain (IMAP hostname without the first part) + // For example %n = mail.domain.tld, %d = domain.tld + 'hosts' => array('directory.verisign.com'), + 'port' => 389, + 'use_tls' => false, + 'ldap_version' => 3, // using LDAPv3 + 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. + // %fu - The full username provided, assumes the username is an email + // address, uses the username_domain value if not an email address. + // %u - The username prior to the '@'. + // %d - The domain name after the '@'. + // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" + // %dn - DN found by ldap search when search_filter/search_base_dn are used + 'base_dn' => '', + 'bind_dn' => '', + 'bind_pass' => '', + // It's possible to bind for an individual address book + // The login name is used to search for the DN to bind with + 'search_base_dn' => '', + 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' + // DN and password to bind as before searching for bind DN, if anonymous search is not allowed + 'search_bind_dn' => '', + 'search_bind_pw' => '', + // Default for %dn variable if search doesn't return DN value + 'search_dn_default' => '', + // Optional authentication identifier to be used as SASL authorization proxy + // bind_dn need to be empty + 'auth_cid' => '', + // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 + 'auth_method' => '', + // Indicates if the addressbook shall be hidden from the list. + // With this option enabled you can still search/view contacts. + 'hidden' => false, + // Indicates if the addressbook shall not list contacts but only allows searching. + 'searchonly' => false, + // Indicates if we can write to the LDAP directory or not. + // If writable is true then these fields need to be populated: + // LDAP_Object_Classes, required_fields, LDAP_rdn + 'writable' => false, + // To create a new contact these are the object classes to specify + // (or any other classes you wish to use). + 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), + // The RDN field that is used for new entries, this field needs + // to be one of the search_fields, the base of base_dn is appended + // to the RDN to insert into the LDAP directory. + 'LDAP_rdn' => 'cn', + // The required fields needed to build a new contact as required by + // the object classes (can include additional fields not required by the object classes). + 'required_fields' => array('cn', 'sn', 'mail'), + 'search_fields' => array('mail', 'cn'), // fields to search in + // mapping of contact fields to directory attributes + // for every attribute one can specify the number of values (limit) allowed. + // default is 1, a wildcard * means unlimited + 'fieldmap' => array( + // Roundcube => LDAP:limit + 'name' => 'cn', + 'surname' => 'sn', + 'firstname' => 'givenName', + 'title' => 'title', + 'email' => 'mail:*', + 'phone:home' => 'homePhone', + 'phone:work' => 'telephoneNumber', + 'phone:mobile' => 'mobile', + 'phone:pager' => 'pager', + 'street' => 'street', + 'zipcode' => 'postalCode', + 'region' => 'st', + 'locality' => 'l', +// if you uncomment country, you need to modify 'sub_fields' above +// 'country' => 'c', + 'department' => 'departmentNumber', + 'notes' => 'description', +// these currently don't work: +// 'phone:workfax' => 'facsimileTelephoneNumber', +// 'photo' => 'jpegPhoto', +// 'organization' => 'o', +// 'manager' => 'manager', +// 'assistant' => 'secretary', + ), + // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' + 'sub_fields' => array(), + 'sort' => 'cn', // The field to sort the listing by. + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act + 'fuzzy_search' => true, // server allows wildcard search + 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) + 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting + 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. + 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. + 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups + + // definition for contact groups (uncomment if no groups are supported) + // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) + // if the groups base_dn is empty, the contact base_dn is used for the groups as well + // -> in this case, assure that groups and contacts are separated due to the concernig filters! + 'groups' => array( + 'base_dn' => '', + 'scope' => 'sub', // search mode: sub|base|list + 'filter' => '(objectClass=groupOfNames)', + 'object_classes' => array("top", "groupOfNames"), + 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember + 'name_attr' => 'cn', // attribute to be used as group name + ), +); +*/ + +// An ordered array of the ids of the addressbooks that should be searched +// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); +$rcmail_config['autocomplete_addressbooks'] = array('sql'); + +// The minimum number of characters required to be typed in an autocomplete field +// before address books will be searched. Most useful for LDAP directories that +// may need to do lengthy results building given overly-broad searches +$rcmail_config['autocomplete_min_length'] = 1; + +// Number of parallel autocomplete requests. +// If there's more than one address book, n parallel (async) requests will be created, +// where each request will search in one address book. By default (0), all address +// books are searched in one request. +$rcmail_config['autocomplete_threads'] = 0; + +// Max. numer of entries in autocomplete popup. Default: 15. +$rcmail_config['autocomplete_max'] = 15; + +// show address fields in this order +// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} +$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; + +// Matching mode for addressbook search (including autocompletion) +// 0 - partial (*abc*), default +// 1 - strict (abc) +// 2 - prefix (abc*) +// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode +$rcmail_config['addressbook_search_mode'] = 0; + +// ---------------------------------- +// USER PREFERENCES +// ---------------------------------- + +// Use this charset as fallback for message decoding +//$rcmail_config['default_charset'] = 'ISO-8859-1'; +$rcmail_config['default_charset'] = 'UTF-8'; + +// skin name: folder from skins/ +$rcmail_config['skin'] = 'elastic'; + +// show up to X items in messages list view +$rcmail_config['mail_pagesize'] = 50; + +// show up to X items in contacts list view +$rcmail_config['addressbook_pagesize'] = 50; + +// sort contacts by this col (preferably either one of name, firstname, surname) +$rcmail_config['addressbook_sort_col'] = 'surname'; + +// the way how contact names are displayed in the list +// 0: display name +// 1: (prefix) firstname middlename surname (suffix) +// 2: (prefix) surname firstname middlename (suffix) +// 3: (prefix) surname, firstname middlename (suffix) +$rcmail_config['addressbook_name_listing'] = 0; + +// use this timezone to display date/time +// valid timezone identifers are listed here: php.net/manual/en/timezones.php +// 'auto' will use the browser's timezone settings +$rcmail_config['timezone'] = 'auto'; + +// prefer displaying HTML messages +$rcmail_config['prefer_html'] = true; + +// display remote inline images +// 0 - Never, always ask +// 1 - Ask if sender is not in address book +// 2 - Always show inline images +$rcmail_config['show_images'] = 0; + +// compose html formatted messages by default +// 0 - never, 1 - always, 2 - on reply to HTML message only +$rcmail_config['htmleditor'] = 0; + +// show pretty dates as standard +$rcmail_config['prettydate'] = true; + +// save compose message every 300 seconds (5min) +$rcmail_config['draft_autosave'] = 300; + +// default setting if preview pane is enabled +$rcmail_config['preview_pane'] = false; + +// Mark as read when viewed in preview pane (delay in seconds) +// Set to -1 if messages in preview pane should not be marked as read +$rcmail_config['preview_pane_mark_read'] = 0; + +// Clear Trash on logout +$rcmail_config['logout_purge'] = false; + +// Compact INBOX on logout +$rcmail_config['logout_expunge'] = false; + +// Display attached images below the message body +$rcmail_config['inline_images'] = true; + +// Encoding of long/non-ascii attachment names: +// 0 - Full RFC 2231 compatible +// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) +// 2 - Full 2047 compatible +$rcmail_config['mime_param_folding'] = 1; + +// Set true if deleted messages should not be displayed +// This will make the application run slower +$rcmail_config['skip_deleted'] = false; + +// Set true to Mark deleted messages as read as well as deleted +// False means that a message's read status is not affected by marking it as deleted +$rcmail_config['read_when_deleted'] = true; + +// Set to true to never delete messages immediately +// Use 'Purge' to remove messages marked as deleted +$rcmail_config['flag_for_deletion'] = false; + +// Default interval for keep-alive/check-recent requests (in seconds) +// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' +$rcmail_config['keep_alive'] = 60; + +// If true all folders will be checked for recent messages +$rcmail_config['check_all_folders'] = false; + +// If true, after message delete/move, the next message will be displayed +$rcmail_config['display_next'] = false; + +// 0 - Do not expand threads +// 1 - Expand all threads automatically +// 2 - Expand only threads with unread messages +$rcmail_config['autoexpand_threads'] = 0; + +// When replying place cursor above original message (top posting) +$rcmail_config['top_posting'] = false; + +// When replying strip original signature from message +$rcmail_config['strip_existing_sig'] = true; + +// Show signature: +// 0 - Never +// 1 - Always +// 2 - New messages only +// 3 - Forwards and Replies only +$rcmail_config['show_sig'] = 1; + +// When replying or forwarding place sender's signature above existing message +$rcmail_config['sig_above'] = false; + +// Use MIME encoding (quoted-printable) for 8bit characters in message body +$rcmail_config['force_7bit'] = false; + +// Defaults of the search field configuration. +// The array can contain a per-folder list of header fields which should be considered when searching +// The entry with key '*' stands for all folders which do not have a specific list set. +// Please note that folder names should to be in sync with $rcmail_config['default_folders'] +$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); + +// Defaults of the addressbook search field configuration. +$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); + +// 'Delete always' +// This setting reflects if mail should be always deleted +// when moving to Trash fails. This is necessary in some setups +// when user is over quota and Trash is included in the quota. +$rcmail_config['delete_always'] = false; + +// Directly delete messages in Junk instead of moving to Trash +$rcmail_config['delete_junk'] = true; + +// Behavior if a received message requests a message delivery notification (read receipt) +// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) +// 3 = send automatically if sender is in addressbook, otherwise ask the user +// 4 = send automatically if sender is in addressbook, otherwise ignore +$rcmail_config['mdn_requests'] = 0; + +// Return receipt checkbox default state +$rcmail_config['mdn_default'] = 0; + +// Delivery Status Notification checkbox default state +$rcmail_config['dsn_default'] = 0; + +// Place replies in the folder of the message being replied to +$rcmail_config['reply_same_folder'] = false; + +// Sets default mode of Forward feature to "forward as attachment" +$rcmail_config['forward_attachment'] = false; + +// Defines address book (internal index) to which new contacts will be added +// By default it is the first writeable addressbook. +// Note: Use '0' for built-in address book. +$rcmail_config['default_addressbook'] = null; + +// Enables spell checking before sending a message. +$rcmail_config['spellcheck_before_send'] = false; + +// Skip alternative email addresses in autocompletion (show one address per contact) +$rcmail_config['autocomplete_single'] = false; + +// Default font for composed HTML message. +// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, +// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana +$rcmail_config['default_font'] = ''; + +// end of config file diff --git a/install/debian/12/roundcube/vesta.php b/install/debian/12/roundcube/vesta.php new file mode 100644 index 00000000..b3dd167f --- /dev/null +++ b/install/debian/12/roundcube/vesta.php @@ -0,0 +1,73 @@ + + */ +class rcube_vesta_password { + function save($curpass, $passwd) + { + $rcmail = rcmail::get_instance(); + $vesta_host = $rcmail->config->get('password_vesta_host'); + + if (empty($vesta_host)) + { + $vesta_host = 'localhost'; + } + + $vesta_port = $rcmail->config->get('password_vesta_port'); + if (empty($vesta_port)) + { + $vesta_port = '8083'; + } + + $postvars = array( + 'email' => $_SESSION['username'], + 'password' => $curpass, + 'new' => $passwd + ); + + $postdata = http_build_query($postvars); + + $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; + $send .= 'Host: ' . $vesta_host . PHP_EOL; + $send .= 'User-Agent: PHP Script' . PHP_EOL; + $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; + $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; + $send .= 'Connection: close' . PHP_EOL; + $send .= PHP_EOL; + $send .= $postdata . PHP_EOL . PHP_EOL; + + //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); + $errno = ""; + $errstr = ""; + $context = stream_context_create(); + + $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); + $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); + $result = stream_context_set_option($context, 'ssl', 'verify_host', false); + $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); + + $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); + fputs($fp, $send); + $result = fread($fp, 2048); + fclose($fp); + + $fp = fopen("/tmp/roundcube.log", 'w'); + fwrite($fp, "test ok"); + fwrite($fp, "\n"); + fclose($fp); + + + if(strpos($result, 'ok') && !strpos($result, 'error')) + { + return PASSWORD_SUCCESS; + } + else { + return PASSWORD_ERROR; + } + + } +} diff --git a/install/debian/12/sudo/admin b/install/debian/12/sudo/admin new file mode 100644 index 00000000..331fa1f2 --- /dev/null +++ b/install/debian/12/sudo/admin @@ -0,0 +1,8 @@ +# Created by vesta installer +Defaults env_keep="VESTA" +Defaults:admin !syslog +Defaults:admin !requiretty +Defaults:root !requiretty + +# sudo is limited to vesta scripts +admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/12/templates/dns/child-ns.tpl b/install/debian/12/templates/dns/child-ns.tpl new file mode 100755 index 00000000..42c046e4 --- /dev/null +++ b/install/debian/12/templates/dns/child-ns.tpl @@ -0,0 +1,14 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/default.tpl b/install/debian/12/templates/dns/default.tpl new file mode 100755 index 00000000..e0a37e62 --- /dev/null +++ b/install/debian/12/templates/dns/default.tpl @@ -0,0 +1,18 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/gmail.tpl b/install/debian/12/templates/dns/gmail.tpl new file mode 100755 index 00000000..219c9d24 --- /dev/null +++ b/install/debian/12/templates/dns/gmail.tpl @@ -0,0 +1,12 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/office365.tpl b/install/debian/12/templates/dns/office365.tpl new file mode 100644 index 00000000..dcf556e1 --- /dev/null +++ b/install/debian/12/templates/dns/office365.tpl @@ -0,0 +1,22 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/dns/yandex.tpl b/install/debian/12/templates/dns/yandex.tpl new file mode 100644 index 00000000..4ce768fe --- /dev/null +++ b/install/debian/12/templates/dns/yandex.tpl @@ -0,0 +1,16 @@ +ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' +ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh new file mode 100755 index 00000000..a4deb752 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl new file mode 100644 index 00000000..809e7f33 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl new file mode 100644 index 00000000..679d1409 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.sh b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh new file mode 100755 index 00000000..a4deb752 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.sh @@ -0,0 +1,119 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.2-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_82" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_82) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi +if [ -f "/etc/php/8.2/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.2/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl new file mode 100644 index 00000000..e0d04794 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl new file mode 100644 index 00000000..eba95935 --- /dev/null +++ b/install/debian/12/templates/web/apache2/PHP-FPM-82.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.2-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl new file mode 100755 index 00000000..6bb51c50 --- /dev/null +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -0,0 +1,133 @@ +LogFile="/var/log/%web_system%/domains/%domain%.log" +LogType=W +LogFormat=1 +LogSeparator=" " +SiteDomain="%domain_idn%" +HostAliases="%alias_idn%" +DirData="%home%/%user%/web/%domain%/stats" +DirCgi="/vstats" +DirIcons="/vstats/icon" +AllowToUpdateStatsFromBrowser=0 +AllowFullYearView=2 +EnableLockForUpdate=1 +DNSStaticCacheFile="dnscache.txt" +DNSLastUpdateCacheFile="dnscachelastupdate.txt" +SkipDNSLookupFor="" +AllowAccessFromWebToAuthenticatedUsersOnly=0 +AllowAccessFromWebToFollowingAuthenticatedUsers="" +AllowAccessFromWebToFollowingIPAddresses="" +CreateDirDataIfNotExists=0 +BuildHistoryFormat=text +BuildReportFormat=html +SaveDatabaseFilesWithPermissionsForEveryone=0 +PurgeLogFile=0 +ArchiveLogRecords=0 +KeepBackupOfHistoricFiles=1 +DefaultFile="index.php index.html" +SkipHosts="127.0.0.1" +SkipUserAgents="" +SkipFiles="" +SkipReferrersBlackList="" +OnlyHosts="" +OnlyUserAgents="" +OnlyUsers="" +OnlyFiles="" +NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" +ValidHTTPCodes="200 304" +ValidSMTPCodes="1 250" +AuthenticatedUsersNotCaseSensitive=0 +URLNotCaseSensitive=0 +URLWithAnchor=0 +URLQuerySeparators="?;" +URLWithQuery=0 +URLWithQueryWithOnlyFollowingParameters="" +URLWithQueryWithoutFollowingParameters="" +URLReferrerWithQuery=0 +WarningMessages=1 +ErrorMessages="" +DebugMessages=0 +NbOfLinesForCorruptedLog=50 +WrapperScript="" +DecodeUA=0 +MiscTrackerUrl="/js/awstats_misc_tracker.js" +UseFramesWhenCGI=1 +DetailedReportsOnNewWindows=1 +Expires=3600 +MaxRowsInHTMLOutput=1000 +Lang="auto" +DirLang="./lang" +ShowMenu=1 +ShowSummary=UVPHB +ShowMonthStats=UVPHB +ShowDaysOfMonthStats=VPHB +ShowDaysOfWeekStats=PHB +ShowHoursStats=PHB +ShowDomainsStats=PHB +ShowHostsStats=PHBL +ShowAuthenticatedUsers=0 +ShowRobotsStats=HBL +ShowWormsStats=0 +ShowEMailSenders=0 +ShowEMailReceivers=0 +ShowSessionsStats=1 +ShowPagesStats=PBEX +ShowFileTypesStats=HB +ShowFileSizesStats=0 +ShowDownloadsStats=HB +ShowOSStats=1 +ShowBrowsersStats=1 +ShowScreenSizeStats=0 +ShowOriginStats=PH +ShowKeyphrasesStats=1 +ShowKeywordsStats=1 +ShowMiscStats=a +ShowHTTPErrorsStats=1 +ShowSMTPErrorsStats=0 +ShowClusterStats=0 +AddDataArrayMonthStats=1 +AddDataArrayShowDaysOfMonthStats=1 +AddDataArrayShowDaysOfWeekStats=1 +AddDataArrayShowHoursStats=1 +IncludeInternalLinksInOriginSection=0 +MaxNbOfDomain = 10 +MinHitDomain = 1 +MaxNbOfHostsShown = 10 +MinHitHost = 1 +MaxNbOfLoginShown = 10 +MinHitLogin = 1 +MaxNbOfRobotShown = 10 +MinHitRobot = 1 +MaxNbOfDownloadsShown = 10 +MinHitDownloads = 1 +MaxNbOfPageShown = 10 +MinHitFile = 1 +MaxNbOfOsShown = 10 +MinHitOs = 1 +MaxNbOfBrowsersShown = 10 +MinHitBrowser = 1 +MaxNbOfScreenSizesShown = 5 +MinHitScreenSize = 1 +MaxNbOfWindowSizesShown = 5 +MinHitWindowSize = 1 +MaxNbOfRefererShown = 10 +MinHitRefer = 1 +MaxNbOfKeyphrasesShown = 10 +MinHitKeyphrase = 1 +MaxNbOfKeywordsShown = 10 +MinHitKeyword = 1 +MaxNbOfEMailsShown = 20 +MinHitEMail = 1 +FirstDayOfWeek=0 +ShowFlagLinks="" +ShowLinksOnUrl=1 +UseHTTPSLinkForUrl="" +MaxLengthOfShownURL=64 +HTMLHeadSection="" +HTMLEndSection="" +MetaRobot=0 +Logo="awstats_logo6.png" +LogoLink="http://awstats.sourceforge.net" +BarWidth = 260 +BarHeight = 90 +StyleSheet="" +ExtraTrackedRowsLimit=500 diff --git a/install/debian/12/templates/web/awstats/index.tpl b/install/debian/12/templates/web/awstats/index.tpl new file mode 100755 index 00000000..9df9bb5c --- /dev/null +++ b/install/debian/12/templates/web/awstats/index.tpl @@ -0,0 +1,10 @@ + + + + Awstats log analyzer + + + + + + diff --git a/install/debian/12/templates/web/awstats/nav.tpl b/install/debian/12/templates/web/awstats/nav.tpl new file mode 100755 index 00000000..f29bed68 --- /dev/null +++ b/install/debian/12/templates/web/awstats/nav.tpl @@ -0,0 +1,23 @@ + + + Awstats navigation + + + + + + + + +
vesta
+ +
+
+ + diff --git a/install/debian/12/templates/web/nginx/caching.sh b/install/debian/12/templates/web/nginx/caching.sh new file mode 100755 index 00000000..09d8efe7 --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +user=$1 +domain=$2 +ip=$3 +home=$4 +docroot=$5 + +str="proxy_cache_path /var/cache/nginx/$domain levels=2" +str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" +conf='/etc/nginx/conf.d/01_caching_pool.conf' +if [ -e "$conf" ]; then + if [ -z "$(grep "=${domain}:" $conf)" ]; then + echo "$str" >> $conf + fi +else + echo "$str" >> $conf +fi + diff --git a/install/debian/12/templates/web/nginx/caching.stpl b/install/debian/12/templates/web/nginx/caching.stpl new file mode 100644 index 00000000..f5c9740f --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.stpl @@ -0,0 +1,44 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/caching.tpl b/install/debian/12/templates/web/nginx/caching.tpl new file mode 100644 index 00000000..73de28d5 --- /dev/null +++ b/install/debian/12/templates/web/nginx/caching.tpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + proxy_cache cache; + proxy_cache_valid 15m; + proxy_cache_valid 404 1m; + proxy_no_cache $no_cache; + proxy_cache_bypass $no_cache; + proxy_cache_bypass $cookie_session $http_x_update; + + location ~* ^.+\.(%proxy_extentions%)$ { + proxy_cache off; + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.stpl b/install/debian/12/templates/web/nginx/force-https-legacy.stpl new file mode 100644 index 00000000..8e636db3 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https-legacy.tpl b/install/debian/12/templates/web/nginx/force-https-legacy.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-legacy.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https-public.stpl b/install/debian/12/templates/web/nginx/force-https-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/force-https-public.tpl b/install/debian/12/templates/web/nginx/force-https-public.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-public.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https-webmail-phpmyadmin.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/force-https.stpl b/install/debian/12/templates/web/nginx/force-https.stpl new file mode 100644 index 00000000..55f41002 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/force-https.tpl b/install/debian/12/templates/web/nginx/force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.sh b/install/debian/12/templates/web/nginx/hosting-legacy.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.stpl b/install/debian/12/templates/web/nginx/hosting-legacy.stpl new file mode 100644 index 00000000..efdd3b87 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-legacy.tpl b/install/debian/12/templates/web/nginx/hosting-legacy.tpl new file mode 100644 index 00000000..a41d4054 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-legacy.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-public.stpl b/install/debian/12/templates/web/nginx/hosting-public.stpl new file mode 100644 index 00000000..a7609b13 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-public.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-public.tpl b/install/debian/12/templates/web/nginx/hosting-public.tpl new file mode 100644 index 00000000..f5d8b327 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-public.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%/public; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%/public; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl new file mode 100644 index 00000000..2db9a06e --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.stpl @@ -0,0 +1,64 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl new file mode 100644 index 00000000..f84f4781 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting-webmail-phpmyadmin.tpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /webmail { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /var/lib/roundcube; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /phpmyadmin { + disable_symlinks off; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root /usr/share; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting.sh b/install/debian/12/templates/web/nginx/hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/hosting.stpl b/install/debian/12/templates/web/nginx/hosting.stpl new file mode 100644 index 00000000..5745311e --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/hosting.tpl b/install/debian/12/templates/web/nginx/hosting.tpl new file mode 100644 index 00000000..61469ad2 --- /dev/null +++ b/install/debian/12/templates/web/nginx/hosting.tpl @@ -0,0 +1,36 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl new file mode 100644 index 00000000..cf8fad56 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl new file mode 100644 index 00000000..f9e90393 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/cms_made_simple.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?page=$request_uri; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl new file mode 100644 index 00000000..5931f617 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.stpl @@ -0,0 +1,60 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl new file mode 100644 index 00000000..d2422be2 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter2.tpl @@ -0,0 +1,57 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location = /index.php { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ \.php$ { + return 444; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl new file mode 100644 index 00000000..3c2793d1 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.stpl @@ -0,0 +1,55 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl new file mode 100644 index 00000000..54f81b99 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/codeigniter3.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl new file mode 100644 index 00000000..bb9a727b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.stpl @@ -0,0 +1,126 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl new file mode 100644 index 00000000..3ea45347 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/datalife_engine.tpl @@ -0,0 +1,123 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; + + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; + rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; + rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; + + rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; + rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; + rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; + rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; + + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; + rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; + + rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; + rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; + + rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; + rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; + + rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; + rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; + + rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; + rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; + + rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; + rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; + rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; + rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; + + rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; + rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; + + rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; + rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; + + rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; + rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; + + rewrite "^/favorites(/?)+$" /index.php?do=favorites last; + rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; + + rewrite "^/rules.html$" /index.php?do=rules last; + rewrite "^/statistics.html$" /index.php?do=stats last; + rewrite "^/addnews.html$" /index.php?do=addnews last; + rewrite "^/rss.xml$" /engine/rss.php last; + rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; + + if (!-d $request_filename) { + rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; + rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; + rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; + rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; + } + + if (!-f $request_filename) { + rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/default.stpl b/install/debian/12/templates/web/nginx/php-fpm/default.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/default.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/default.tpl b/install/debian/12/templates/web/nginx/php-fpm/default.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/default.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl new file mode 100644 index 00000000..a7564705 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl new file mode 100644 index 00000000..0a9a75ed --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/dokuwiki.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + index doku.php; + try_files $uri $uri/ @dokuwiki; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location ~ ^/lib.*\.(gif|png|ico|jpg)$ { + expires 30d; + } + + location ^~ /conf/ { return 403; } + location ^~ /data/ { return 403; } + location @dokuwiki { + rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; + rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; + rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; + rewrite ^/(.*) /doku.php?id=$1 last; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl new file mode 100644 index 00000000..6e67a4e0 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal6.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl new file mode 100644 index 00000000..d1096bff --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal6.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri @rewrite; + } + + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ ^/sites/.*/files/imagecache/ { + try_files $uri @rewrite; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal7.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal7.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl new file mode 100644 index 00000000..32f01a6f --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal8.stpl @@ -0,0 +1,94 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl new file mode 100644 index 00000000..c9729795 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/drupal8.tpl @@ -0,0 +1,91 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + location ~ ^/sites/.*/private/ { + return 403; + } + + location ~ ^/sites/[^/]+/files/.*\.php$ { + deny all; + } + + location / { + try_files $uri /index.php?$query_string; + } + + location ~ /vendor/.*\.php$ { + deny all; + return 404; + } + + location ~ ^/sites/.*/files/styles/ { + try_files $uri @rewrite; + } + + location ~ ^(/[a-z\-]+)?/system/files/ { + try_files $uri /index.php?$query_string; + } + + location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { + try_files $uri @rewrite; + expires max; + log_not_found off; + } + + location ~ '\.php$|^/update.php' { + fastcgi_split_path_info ^(.+?\.php)(|/.*)$; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl new file mode 100644 index 00000000..d4f96ee3 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/joomla.stpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl new file mode 100644 index 00000000..91b7a8f1 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/joomla.tpl @@ -0,0 +1,59 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + # deny running scripts inside writable directories + location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { + return 403; + error_page 403 /403_error.html; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl new file mode 100644 index 00000000..db0b4dde --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/laravel.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl new file mode 100644 index 00000000..d14b0173 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/laravel.tpl @@ -0,0 +1,50 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ /index.php?$query_string; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/magento.stpl b/install/debian/12/templates/web/nginx/php-fpm/magento.stpl new file mode 100644 index 00000000..f8ac30c9 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/magento.stpl @@ -0,0 +1,197 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + root %sdocroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %sdocroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %sdocroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %sdocroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/magento.tpl b/install/debian/12/templates/web/nginx/php-fpm/magento.tpl new file mode 100644 index 00000000..3f292fff --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/magento.tpl @@ -0,0 +1,194 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + + root %docroot%/pub; + index index.php; + autoindex off; + charset UTF-8; + error_page 404 403 = /errors/404.php; + add_header "X-UA-Compatible" "IE=Edge"; + + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + # PHP entry point for setup application + location ~* ^/setup($|/) { + root %docroot%; + + location ~ ^/setup/index.php { + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + location ~ ^/setup/(?!pub/). { + deny all; + } + + location ~ ^/setup/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + # PHP entry point for update application + location ~* ^/update($|/) { + root %docroot%; + + location ~ ^/update/index.php { + fastcgi_split_path_info ^(/update/index.php)(/.+)$; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + include /etc/nginx/fastcgi_params; + } + + # Deny everything but index.php + location ~ ^/update/(?!pub/). { + deny all; + } + + location ~ ^/update/pub/ { + add_header X-Frame-Options "SAMEORIGIN"; + } + } + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location /pub/ { + location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { + deny all; + } + + alias %docroot%/pub/; + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /static/ { + # Uncomment the following line in production mode + # expires max; + + # Remove signature of the static files that is used to overcome the browser cache + location ~ ^/static/version { + rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + } + + if (!-f $request_filename) { + rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/ { + try_files $uri $uri/ /get.php?$args; + + location ~ ^/media/theme_customization/.*\.xml { + deny all; + } + + location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { + add_header Cache-Control "public"; + add_header X-Frame-Options "SAMEORIGIN"; + expires +1y; + try_files $uri $uri/ /get.php?$args; + } + + location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { + add_header Cache-Control "no-store"; + add_header X-Frame-Options "SAMEORIGIN"; + expires off; + try_files $uri $uri/ /get.php?$args; + } + + add_header X-Frame-Options "SAMEORIGIN"; + } + + location /media/customer/ { + deny all; + } + + location /media/downloadable/ { + deny all; + } + + location /media/import/ { + deny all; + } + + # PHP entry point for main application + location ~ (index|get|static|report|404|503)\.php$ { + try_files $uri =404; + + fastcgi_pass %backend_lsnr%; + fastcgi_buffers 1024 4k; + fastcgi_read_timeout 600s; + fastcgi_connect_timeout 600s; + + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + + gzip on; + gzip_disable "msie6"; + + gzip_comp_level 6; + gzip_min_length 1100; + gzip_buffers 16 8k; + gzip_proxied any; + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/xml+rss + image/svg+xml; + gzip_vary on; + + # Banned locations (only reached if the earlier PHP entry point regexes don't match) + location ~* (\.php$|\.htaccess$|\.git) { + deny all; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/modx.stpl b/install/debian/12/templates/web/nginx/php-fpm/modx.stpl new file mode 100644 index 00000000..420aeb9e --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/modx.stpl @@ -0,0 +1,68 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ https://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/modx.tpl b/install/debian/12/templates/web/nginx/php-fpm/modx.tpl new file mode 100644 index 00000000..342d3ecf --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/modx.tpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; +# if you need to rewrite www to non-www uncomment bellow +# if ($host != '%domain%' ) { +# rewrite ^/(.*)$ http://%domain%/$1 permanent; +# } + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ @rewrite; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + location @rewrite { + rewrite ^/(.*)$ /index.php?q=$1; + } + + location ~ \.php$ { + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + include /etc/nginx/fastcgi_params; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl new file mode 100644 index 00000000..8594ec94 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/moodle.stpl @@ -0,0 +1,89 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl new file mode 100644 index 00000000..c20ba648 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/moodle.tpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Very rarely should these ever be accessed outside of your lan + location ~* \.(txt|log)$ { + allow 192.168.0.0/16; + deny all; + } + + location ~ \..*/.*\.php$ { + return 403; + } + + # No no for private + location ~ ^/sites/.*/private/ { + return 403; + } + + # Block access to "hidden" files and directories whose names begin with a + # period. This includes directories used by version control systems such + # as Subversion or Git to store control files. + location ~ (^|/)\. { + return 403; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_intercept_errors on; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl new file mode 100644 index 00000000..4bb50383 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/no-php.stpl @@ -0,0 +1,46 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl new file mode 100644 index 00000000..7ff8aa1d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/no-php.tpl @@ -0,0 +1,43 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + types { + text/html html htm shtml php php5; + } + + location / { + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl new file mode 100644 index 00000000..e28afcfc --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/odoo.stpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl new file mode 100644 index 00000000..b1240aae --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/odoo.tpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Real-IP $remote_addr; + + proxy_connect_timeout 720; + proxy_send_timeout 720; + proxy_read_timeout 720; + send_timeout 720; + + # Allow "Well-Known URIs" as per RFC 5785 + location ~* ^/.well-known/ { + allow all; + } + + location / { + proxy_pass http://127.0.0.1:8069; + } + + location /longpolling { + proxy_pass http://127.0.0.1:8072; + } + + location ~* /web/static/ { + proxy_cache_valid 200 60m; + proxy_buffering on; + expires 864000; + proxy_pass http://127.0.0.1:8069; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl new file mode 100644 index 00000000..52706d21 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/opencart.stpl @@ -0,0 +1,58 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl new file mode 100644 index 00000000..d0a9060b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/opencart.tpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location / { + try_files $uri $uri/ @opencart; + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + location @opencart { + rewrite ^/(.+)$ /index.php?_route_=$1 last; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl new file mode 100644 index 00000000..1b803f97 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/owncloud.stpl @@ -0,0 +1,84 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl new file mode 100644 index 00000000..e3ec31de --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/owncloud.tpl @@ -0,0 +1,81 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; + rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; + rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; + + error_page 403 = /core/templates/403.php; + error_page 404 = /core/templates/404.php; + + location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ + deny all; + } + + location / { + # The following 2 rules are only needed with webfinger + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; + rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; + rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; + rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; + try_files $uri $uri/ /index.php; + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include /etc/nginx/fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + #fastcgi_param HTTPS on; + fastcgi_pass %backend_lsnr%; + } + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + # Some basic cache-control for static files to be sent to the browser + add_header Pragma public; + add_header Cache-Control "public, must-revalidate, proxy-revalidate"; + } + + #error_page 403 /error/404.html; + #error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl new file mode 100644 index 00000000..1b299343 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/piwik.stpl @@ -0,0 +1,72 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl new file mode 100644 index 00000000..f94fb7de --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/piwik.tpl @@ -0,0 +1,69 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + try_files /favicon.ico =204; + } + + location / { + try_files $uri /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + valid_referers none blocked %domain_idn% %alias_idn%; + if ($invalid_referer) { + return 444; + } + expires max; + } + + location ~* ^/(?:index|piwik)\.php$ { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + include /etc/nginx/fastcgi_params; + } + } + + # Any other attempt to access PHP files returns a 404. + location ~* ^.+\.php$ { + return 404; + } + + # Return a 404 for all text files. + location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { + return 404; + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl new file mode 100644 index 00000000..d26ed9f4 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.stpl @@ -0,0 +1,65 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl new file mode 100644 index 00000000..b92861b0 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/pyrocms.tpl @@ -0,0 +1,62 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%/public; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location /installer { + try_files $uri $uri/ /installer/index.php?$query_string; + } + + location / { + try_files $uri $uri/ /index.php; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; + } + } + + location = /robots.txt { access_log off; log_not_found off; } + location = /favicon.ico { access_log off; log_not_found off; } + location ~ /\.ht { access_log off; log_not_found off; deny all; } + location ~ ~$ { access_log off; log_not_found off; deny all; } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl new file mode 100644 index 00000000..0b351000 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/sendy.stpl @@ -0,0 +1,88 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl new file mode 100644 index 00000000..b27b427d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/sendy.tpl @@ -0,0 +1,86 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { + deny all; + } + + location ~ /(readme.html|license.txt) { + deny all; + } + + if (!-f $request_filename){ + rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; + } + + location / { + try_files $uri $uri/ /index.php?$args; + location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { + expires 1d; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + try_files $uri =404; + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + + location /l/ { + rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; + } + + location /t/ { + rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; + } + + location /w/ { + rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; + } + + location /unsubscribe/ { + rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; + } + + location /subscribe/ { + rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl new file mode 100644 index 00000000..f9c01e40 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress.stpl @@ -0,0 +1,54 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl new file mode 100644 index 00000000..a8909efb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress.tpl @@ -0,0 +1,51 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location / { + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl new file mode 100644 index 00000000..01dfee5b --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.stpl @@ -0,0 +1,66 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl new file mode 100644 index 00000000..bccb8b3d --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2.tpl @@ -0,0 +1,63 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/conf/web/%domain%.auth*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl new file mode 100644 index 00000000..a5fc46fb --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl @@ -0,0 +1,71 @@ +server { + listen %ip%:%web_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl new file mode 100644 index 00000000..39e366b7 --- /dev/null +++ b/install/debian/12/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl @@ -0,0 +1,67 @@ +server { + listen %ip%:%web_port%; + server_name %domain_idn% %alias_idn%; + root %docroot%; + index index.php index.html index.htm; + access_log /var/log/nginx/domains/%domain%.log combined; + access_log /var/log/nginx/domains/%domain%.bytes bytes; + error_log /var/log/nginx/domains/%domain%.error.log error; + location = /favicon.ico { + log_not_found off; + access_log off; + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + location / { + try_files $uri $uri/ /index.php?$args; + + if (!-e $request_filename) + { + rewrite ^(.+)$ /index.php?q=$1 last; + } + + location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { + expires max; + } + + location ~ [^/]\.php(/|$) { + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + + fastcgi_pass %backend_lsnr%; + fastcgi_index index.php; + include /etc/nginx/fastcgi_params; + } + } + + error_page 403 /error/404.html; + error_page 404 /error/404.html; + error_page 500 502 503 504 /error/50x.html; + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~* "/\.(htaccess|htpasswd)$" { + deny all; + return 404; + } + + location /vstats/ { + alias %home%/%user%/web/%domain%/stats/; + include %home%/%user%/web/%domain%/stats/auth.conf*; + } + + include /etc/nginx/conf.d/phpmyadmin.inc*; + include /etc/nginx/conf.d/phppgadmin.inc*; + include /etc/nginx/conf.d/webmail.inc*; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/private-force-https.stpl b/install/debian/12/templates/web/nginx/private-force-https.stpl new file mode 100644 index 00000000..bf805683 --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-force-https.stpl @@ -0,0 +1,40 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/install/debian/12/templates/web/nginx/private-force-https.tpl b/install/debian/12/templates/web/nginx/private-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh new file mode 100755 index 00000000..eeed37ef --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/templates/web/nginx/private-hosting.stpl b/install/debian/12/templates/web/nginx/private-hosting.stpl new file mode 100644 index 00000000..8e5b3f7b --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.stpl @@ -0,0 +1,42 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass https://%ip%:%web_ssl_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/private-hosting.tpl b/install/debian/12/templates/web/nginx/private-hosting.tpl new file mode 100644 index 00000000..a8ee840e --- /dev/null +++ b/install/debian/12/templates/web/nginx/private-hosting.tpl @@ -0,0 +1,38 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + auth_basic "Restricted area"; + auth_basic_user_file /etc/nginx/.htpasswd; + proxy_pass http://%ip%:%web_port%; + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; +} + diff --git a/install/debian/12/templates/web/nginx/proxy_ip.tpl b/install/debian/12/templates/web/nginx/proxy_ip.tpl new file mode 100644 index 00000000..ae195617 --- /dev/null +++ b/install/debian/12/templates/web/nginx/proxy_ip.tpl @@ -0,0 +1,9 @@ +server { + listen %ip%:%proxy_port% default; + server_name _; + #access_log /var/log/nginx/%ip%.log main; + location / { + proxy_pass http://%ip%:%web_port%; + } +} + diff --git a/install/debian/12/templates/web/php-fpm/default.tpl b/install/debian/12/templates/web/php-fpm/default.tpl new file mode 100644 index 00000000..209e1e43 --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/default.tpl @@ -0,0 +1,21 @@ +[%backend%] +listen = 127.0.0.1:%backend_port% +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/php-fpm/no-php.tpl b/install/debian/12/templates/web/php-fpm/no-php.tpl new file mode 100644 index 00000000..047c33ed --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/no-php.tpl @@ -0,0 +1,20 @@ +;[%backend%] +;listen = /dev/null + +;user = %user% +;group = %user% + +;listen.owner = %user% +;listen.group = www-data + +;pm = ondemand +;pm.max_children = 4 +;pm.max_requests = 4000 +;pm.process_idle_timeout = 10s +;pm.status_path = /status + +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /home/%user%/tmp +;env[TMPDIR] = /home/%user%/tmp +;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/php-fpm/socket.tpl b/install/debian/12/templates/web/php-fpm/socket.tpl new file mode 100644 index 00000000..a0151084 --- /dev/null +++ b/install/debian/12/templates/web/php-fpm/socket.tpl @@ -0,0 +1,24 @@ +[%backend%] +listen = /var/run/php/%backend%.sock +listen.allowed_clients = 127.0.0.1 + +user = %user% +group = %user% + +listen.owner = %user% +listen.group = www-data + +pm = ondemand +pm.max_children = 4 +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/%user%/tmp +php_admin_value[session.save_path] = /home/%user%/tmp + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/%user%/tmp +env[TMPDIR] = /home/%user%/tmp +env[TEMP] = /home/%user%/tmp diff --git a/install/debian/12/templates/web/skel/document_errors/403.html b/install/debian/12/templates/web/skel/document_errors/403.html new file mode 100755 index 00000000..9c3f6baa --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/403.html @@ -0,0 +1,29 @@ + + + 403 — Forbidden + + + + + + +

%domain%

+ +

403

+

Forbidden

+
+ Unfortunately, you do not have permission to view this +
+ + + diff --git a/install/debian/12/templates/web/skel/document_errors/404.html b/install/debian/12/templates/web/skel/document_errors/404.html new file mode 100755 index 00000000..2cee7708 --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/404.html @@ -0,0 +1,28 @@ + + + 404 — Not Found + + + + + + +

%domain%

+

404

+

Page Not Found

+
+ It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. + You can start again from the home or go back to previous page. +
+ + diff --git a/install/debian/12/templates/web/skel/document_errors/50x.html b/install/debian/12/templates/web/skel/document_errors/50x.html new file mode 100755 index 00000000..85ba648b --- /dev/null +++ b/install/debian/12/templates/web/skel/document_errors/50x.html @@ -0,0 +1,29 @@ + + + 500 — Internal Sever Error + + + + + + +

%domain%

+ +

500

+

Internal Server Error

+
+ Sorry, something went wrong :( +
+ + + diff --git a/install/debian/12/templates/web/skel/public_html/index.html b/install/debian/12/templates/web/skel/public_html/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/12/templates/web/skel/public_html/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/12/templates/web/skel/public_html/robots.txt b/install/debian/12/templates/web/skel/public_html/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/12/templates/web/skel/public_html/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/12/templates/web/skel/public_shtml/index.html b/install/debian/12/templates/web/skel/public_shtml/index.html new file mode 100755 index 00000000..c2895cf2 --- /dev/null +++ b/install/debian/12/templates/web/skel/public_shtml/index.html @@ -0,0 +1,26 @@ + + + %domain% — Coming Soon + + + + + + +

%domain%

+ + + + + diff --git a/install/debian/12/templates/web/skel/public_shtml/robots.txt b/install/debian/12/templates/web/skel/public_shtml/robots.txt new file mode 100755 index 00000000..00ee83dc --- /dev/null +++ b/install/debian/12/templates/web/skel/public_shtml/robots.txt @@ -0,0 +1,3 @@ +# vestacp autogenerated robots.txt +User-agent: * +Crawl-delay: 10 diff --git a/install/debian/12/templates/web/suspend/.htaccess b/install/debian/12/templates/web/suspend/.htaccess new file mode 100755 index 00000000..5a6df83f --- /dev/null +++ b/install/debian/12/templates/web/suspend/.htaccess @@ -0,0 +1,2 @@ +ErrorDocument 403 /index.html +ErrorDocument 404 /index.html diff --git a/install/debian/12/templates/web/suspend/index.html b/install/debian/12/templates/web/suspend/index.html new file mode 100755 index 00000000..3815354d --- /dev/null +++ b/install/debian/12/templates/web/suspend/index.html @@ -0,0 +1,25 @@ + + + Website Suspended + + + + + +

Temporary under construction

+

This website is temporary under construction.

+
+ We will back again soon. +
+ + diff --git a/install/debian/12/templates/web/webalizer/webalizer.tpl b/install/debian/12/templates/web/webalizer/webalizer.tpl new file mode 100755 index 00000000..068adcfb --- /dev/null +++ b/install/debian/12/templates/web/webalizer/webalizer.tpl @@ -0,0 +1,110 @@ +HostName %domain_idn% +LogFile /var/log/%web_system%/domains/%domain%.log +OutputDir %home%/%user%/web/%domain%/stats +HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist +Incremental yes +IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current +PageType htm* +PageType cgi +PageType php +PageType shtml +DNSCache /var/lib/webalizer/dns_cache.db +DNSChildren 10 +Quiet yes +FoldSeqErr yes +IndexAlias index.php +HideURL *.gif +HideURL *.GIF +HideURL *.jpg +HideURL *.JPG +HideURL *.png +HideURL *.PNG +HideURL *.ra +SearchEngine abcsearch. terms= +SearchEngine alexa. q= +SearchEngine alltheweb. q= +SearchEngine alltheweb. query= +SearchEngine alot. q= +SearchEngine altavista. q= +SearchEngine aolsearch. query= +SearchEngine aport.ru r= +SearchEngine ask. q= +SearchEngine atlas.cz q= +SearchEngine bbc. q= +SearchEngine bing. q= +SearchEngine blingo. q= +SearchEngine blogs.yandex.ru text= +SearchEngine btopenworld query= +SearchEngine buscador.ya.com q= +SearchEngine busca. q= +SearchEngine business. query= +SearchEngine centrum.cz q= +SearchEngine chiff. q= +SearchEngine clusty. query= +SearchEngine comcast. q= +SearchEngine crawler. q= +SearchEngine cuil. q= +SearchEngine dmoz. search= +SearchEngine dogpile.com q= +SearchEngine dpxml qkw= +SearchEngine eureka. searchword= +SearchEngine euroseek. string= +SearchEngine exalead. q= +SearchEngine excite search= +SearchEngine ezilon. q= +SearchEngine fastbrowsersearch. q= +SearchEngine feedster.com q= +SearchEngine fireball.de q= +SearchEngine fireball. keyword= +SearchEngine freeserve. q= +SearchEngine gigablast. q= +SearchEngine gogo.ru q= +SearchEngine go.mail.ru q= +SearchEngine google. q= +SearchEngine hakia. q= +SearchEngine hotbot. query= +SearchEngine infoseek. qt= +SearchEngine iwon searchfor= +SearchEngine ixquick.com query= +SearchEngine joeant. keywords= +SearchEngine jyxo.cz s= +SearchEngine looksmart. key= +SearchEngine lycos. query= +SearchEngine mamma. q= +SearchEngine metacrawler q= +SearchEngine msn. MT= +SearchEngine msxml qkw= +SearchEngine mysearch. searchfor= +SearchEngine mywebsearch. searchfor= +SearchEngine netscape. q= +SearchEngine nigma.ru q= +SearchEngine northernlight. qr= +SearchEngine ntlworld. q= +SearchEngine orange. q= +SearchEngine overture. Keywords= +SearchEngine punto.ru text= +SearchEngine rambler. keyword= +SearchEngine search.aol. q= +SearchEngine search.babylon. q= +SearchEngine search.centrum. phrase= +SearchEngine search.conduit. q= +SearchEngine search.earthlink q= +SearchEngine search.icq. q= +SearchEngine search.live.com q= +SearchEngine search.rambler.ru words= +SearchEngine search.winamp. q= +SearchEngine searchy. q= +SearchEngine seznam.cz w= +SearchEngine snap. query= +SearchEngine teoma. q= +SearchEngine teradex.com q= +SearchEngine ukplus key= +SearchEngine verizon. q= +SearchEngine virginmedia. q= +SearchEngine voila. rdata= +SearchEngine webcrawler searchText= +SearchEngine web.search.naver. query= +SearchEngine wisenut q= +SearchEngine yahoo. p= +SearchEngine yandex. text= +SearchEngine yodao. q= diff --git a/install/debian/12/vsftpd/vsftpd.conf b/install/debian/12/vsftpd/vsftpd.conf new file mode 100644 index 00000000..1ca1a992 --- /dev/null +++ b/install/debian/12/vsftpd/vsftpd.conf @@ -0,0 +1,26 @@ +anonymous_enable=NO +local_enable=YES +write_enable=YES +local_umask=022 +anon_umask=022 +anon_upload_enable=NO +dirmessage_enable=YES +xferlog_enable=YES +connect_from_port_20=YES +xferlog_std_format=YES +dual_log_enable=YES +chroot_local_user=YES +listen=YES +pam_service_name=vsftpd +userlist_enable=NO +tcp_wrappers=YES +force_dot_files=YES +ascii_upload_enable=YES +ascii_download_enable=YES +#allow_writable_chroot=YES +allow_writeable_chroot=YES +seccomp_sandbox=NO +pasv_enable=YES +pasv_max_port=12100 +pasv_min_port=12000 +use_localtime=YES diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/8/exim/exim4.conf.template b/install/debian/8/exim/exim4.conf.template index e49bbf4e..261947d2 100644 --- a/install/debian/8/exim/exim4.conf.template +++ b/install/debian/8/exim/exim4.conf.template @@ -87,16 +87,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept diff --git a/install/debian/8/templates/web/apache2/basedir.stpl b/install/debian/8/templates/web/apache2/basedir.stpl index 2db1d52c..60a8f7fd 100644 --- a/install/debian/8/templates/web/apache2/basedir.stpl +++ b/install/debian/8/templates/web/apache2/basedir.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/basedir.tpl b/install/debian/8/templates/web/apache2/basedir.tpl index 96c94a1b..3b8f875a 100644 --- a/install/debian/8/templates/web/apache2/basedir.tpl +++ b/install/debian/8/templates/web/apache2/basedir.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/default.stpl b/install/debian/8/templates/web/apache2/default.stpl index ec34c279..3fc7e160 100644 --- a/install/debian/8/templates/web/apache2/default.stpl +++ b/install/debian/8/templates/web/apache2/default.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/default.tpl b/install/debian/8/templates/web/apache2/default.tpl index 3a227015..464257ec 100644 --- a/install/debian/8/templates/web/apache2/default.tpl +++ b/install/debian/8/templates/web/apache2/default.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/hosting.stpl b/install/debian/8/templates/web/apache2/hosting.stpl index c9c19512..b17014cd 100644 --- a/install/debian/8/templates/web/apache2/hosting.stpl +++ b/install/debian/8/templates/web/apache2/hosting.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/8/templates/web/apache2/hosting.tpl b/install/debian/8/templates/web/apache2/hosting.tpl index 1eb26910..34f55b29 100644 --- a/install/debian/8/templates/web/apache2/hosting.tpl +++ b/install/debian/8/templates/web/apache2/hosting.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/8/templates/web/apache2/phpcgi.stpl b/install/debian/8/templates/web/apache2/phpcgi.stpl index ae560dbe..7c1248d4 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.stpl +++ b/install/debian/8/templates/web/apache2/phpcgi.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpcgi.tpl b/install/debian/8/templates/web/apache2/phpcgi.tpl index c6796d29..603ea8b9 100644 --- a/install/debian/8/templates/web/apache2/phpcgi.tpl +++ b/install/debian/8/templates/web/apache2/phpcgi.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpfcgid.stpl b/install/debian/8/templates/web/apache2/phpfcgid.stpl index bc3688d9..98304f2a 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/apache2/phpfcgid.tpl b/install/debian/8/templates/web/apache2/phpfcgid.tpl index a4c01269..525b1f53 100644 --- a/install/debian/8/templates/web/apache2/phpfcgid.tpl +++ b/install/debian/8/templates/web/apache2/phpfcgid.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 5166b255..279bafcd 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1,2 +1 @@ bl.spamcop.net -zen.spamhaus.org diff --git a/install/debian/9/exim/exim4.conf.template b/install/debian/9/exim/exim4.conf.template index e49bbf4e..261947d2 100644 --- a/install/debian/9/exim/exim4.conf.template +++ b/install/debian/9/exim/exim4.conf.template @@ -87,16 +87,18 @@ acl_check_mail: deny condition = ${if eq{$sender_helo_name}{}} message = HELO required before MAIL - drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid + drop !authenticated = * + message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match{${lc:$sender_host_name}}{.telenor.rs}{false}{true}} condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} delay = 45s - drop condition = ${if isip{$sender_helo_name}} + drop !authenticated = * + condition = ${if isip{$sender_helo_name}} message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} + drop !authenticated = * + condition = ${if eq{[$interface_address]}{$sender_helo_name}} message = $interface_address is _my_ address accept diff --git a/install/debian/9/templates/web/apache2/basedir.stpl b/install/debian/9/templates/web/apache2/basedir.stpl index 2db1d52c..60a8f7fd 100644 --- a/install/debian/9/templates/web/apache2/basedir.stpl +++ b/install/debian/9/templates/web/apache2/basedir.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/basedir.tpl b/install/debian/9/templates/web/apache2/basedir.tpl index 96c94a1b..3b8f875a 100644 --- a/install/debian/9/templates/web/apache2/basedir.tpl +++ b/install/debian/9/templates/web/apache2/basedir.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/default.stpl b/install/debian/9/templates/web/apache2/default.stpl index ec34c279..3fc7e160 100644 --- a/install/debian/9/templates/web/apache2/default.stpl +++ b/install/debian/9/templates/web/apache2/default.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/default.tpl b/install/debian/9/templates/web/apache2/default.tpl index 3a227015..464257ec 100644 --- a/install/debian/9/templates/web/apache2/default.tpl +++ b/install/debian/9/templates/web/apache2/default.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/hosting.stpl b/install/debian/9/templates/web/apache2/hosting.stpl index c9c19512..b17014cd 100644 --- a/install/debian/9/templates/web/apache2/hosting.stpl +++ b/install/debian/9/templates/web/apache2/hosting.stpl @@ -14,7 +14,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/9/templates/web/apache2/hosting.tpl b/install/debian/9/templates/web/apache2/hosting.tpl index 1eb26910..34f55b29 100644 --- a/install/debian/9/templates/web/apache2/hosting.tpl +++ b/install/debian/9/templates/web/apache2/hosting.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value upload_max_filesize 10M php_admin_value max_execution_time 20 php_admin_value post_max_size 8M diff --git a/install/debian/9/templates/web/apache2/phpcgi.stpl b/install/debian/9/templates/web/apache2/phpcgi.stpl index ae560dbe..7c1248d4 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.stpl +++ b/install/debian/9/templates/web/apache2/phpcgi.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpcgi.tpl b/install/debian/9/templates/web/apache2/phpcgi.tpl index c6796d29..603ea8b9 100644 --- a/install/debian/9/templates/web/apache2/phpcgi.tpl +++ b/install/debian/9/templates/web/apache2/phpcgi.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpfcgid.stpl b/install/debian/9/templates/web/apache2/phpfcgid.stpl index bc3688d9..98304f2a 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.stpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.stpl @@ -14,7 +14,7 @@ SSLRequireSSL AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %sdocroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/apache2/phpfcgid.tpl b/install/debian/9/templates/web/apache2/phpfcgid.tpl index a4c01269..525b1f53 100644 --- a/install/debian/9/templates/web/apache2/phpfcgid.tpl +++ b/install/debian/9/templates/web/apache2/phpfcgid.tpl @@ -13,7 +13,7 @@ ErrorLog /var/log/%web_system%/domains/%domain%.error.log AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch php_admin_value open_basedir %docroot%:%home%/%user%/tmp php_admin_value upload_tmp_dir %home%/%user%/tmp php_admin_value session.save_path %home%/%user%/tmp diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 9a92e0fd..6bb51c50 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1 +SkipHosts="127.0.0.1" SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 4349a56d..f6de9e70 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -18,8 +18,21 @@ os='debian' release=$(cat /etc/debian_version | tr "." "\n" | head -n1) codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" +ARCH="amd64" -if [ "$release" -eq 11 ]; then +if [ "$release" -eq 12 ]; then + software="nginx apache2 apache2-utils + libapache2-mod-fcgid php-fpm php + php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats + vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy + clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core + roundcube-mysql roundcube-plugins mariadb-server mariadb-common + mariadb-client postgresql postgresql-contrib phpmyadmin mc + flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota + e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils + bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl + unrar-free vim-common net-tools unzip iptables xxd spamd rsyslog" +elif [ "$release" -eq 11 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats @@ -118,7 +131,11 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - LENGTH=32 + if [ -z "$1" ]; then + LENGTH=32 + else + LENGTH=$1 + fi while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -273,7 +290,7 @@ set_default_value 'postgresql' 'no' set_default_value 'mongodb' 'no' set_default_value 'exim' 'yes' set_default_value 'dovecot' 'yes' -if [ $memory -lt 1500000 ]; then +if [ $memory -lt 2500000 ]; then set_default_value 'clamd' 'no' set_default_value 'spamd' 'no' else @@ -474,10 +491,16 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 + prompt_to_continue=1; + if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then + prompt_to_continue=0; + fi + if [ $prompt_to_continue -eq 1 ]; then + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 + fi fi # Asking for contact email @@ -569,15 +592,19 @@ apt-get -y upgrade check_result $? 'apt-get upgrade failed' echo "=== Installing nginx repo" -apt=/etc/apt/sources.list.d -echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list -wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key -apt-key add /tmp/nginx_signing.key +apt="/etc/apt/sources.list.d" +# echo "deb http://nginx.org/packages/debian/ $codename nginx" > $apt/nginx.list +# wget http://nginx.org/keys/nginx_signing.key -O /tmp/nginx_signing.key +# apt-key add /tmp/nginx_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/nginx-keyring.gpg] https://nginx.org/packages/mainline/$VERSION/ $codename nginx" > $apt/nginx.list +curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-keyring.gpg > /dev/null 2>&1 echo "=== Installing myVesta repo" -echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list -wget $CHOST/deb_signing.key -O deb_signing.key -apt-key add deb_signing.key +# echo "deb http://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +# wget $CHOST/deb_signing.key -O deb_signing.key +# apt-key add deb_signing.key +echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/myvesta-keyring.gpg] https://$RHOST/$codename/ $codename vesta" > $apt/vesta.list +curl -s $CHOST/deb_signing.key | gpg --dearmor | tee /usr/share/keyrings/myvesta-keyring.gpg > /dev/null 2>&1 # Installing jessie backports if [ "$release" -eq 8 ]; then @@ -732,31 +759,37 @@ if [ "$mysql" = 'no' ]; then fi if [ "$mysql8" = 'yes' ]; then echo "=== Preparing MySQL 8 apt repo" - software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') - software=$(echo "$software" | sed -e 's/exim4//') - #software="$software php-mysql roundcube-mysql" - echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list - echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list - echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 - key="467B942D3A79BD29" - readonly key - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) - do - gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break - done - gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg - gpgconf --kill all - rm -rf "${GNUPGHOME}" - unset GNUPGHOME + if [ "$release" -lt 12 ]; then + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME + else + # check latest on: https://dev.mysql.com/downloads/repo/apt/ + wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb + dpkg -i mysql-apt-config_0.8.34-1_all.deb + fi mpass=$(gen_pass) debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" @@ -821,6 +854,12 @@ fi echo "=== Enabling daemon autostart" rm -f /usr/sbin/policy-rc.d +if [ "$release" -gt 11 ]; then + echo "=== Setting up rsyslog" + currentservice='rsyslog' + ensure_startup $currentservice + ensure_start $currentservice +fi #----------------------------------------------------------# # Configure system # @@ -922,7 +961,7 @@ if [ "$apache" = 'no' ] && [ "$nginx" = 'yes' ]; then echo "WEB_PORT='80'" >> $VESTA/conf/vesta.conf echo "WEB_SSL_PORT='443'" >> $VESTA/conf/vesta.conf echo "WEB_SSL='openssl'" >> $VESTA/conf/vesta.conf - if [ "$release" -eq 9 ] || [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then + if [ "$release" -gt 8 ]; then if [ "$phpfpm" = 'yes' ]; then echo "WEB_BACKEND='php-fpm'" >> $VESTA/conf/vesta.conf fi @@ -954,7 +993,11 @@ if [ "$exim" = 'yes' ]; then echo "ANTIVIRUS_SYSTEM='clamav-daemon'" >> $VESTA/conf/vesta.conf fi if [ "$spamd" = 'yes' ]; then - echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + if [ "$release" -lt 12 ]; then + echo "ANTISPAM_SYSTEM='spamassassin'" >> $VESTA/conf/vesta.conf + else + echo "ANTISPAM_SYSTEM='spamd'" >> $VESTA/conf/vesta.conf + fi fi if [ "$dovecot" = 'yes' ]; then echo "IMAP_SYSTEM='dovecot'" >> $VESTA/conf/vesta.conf @@ -1024,6 +1067,22 @@ if [ "$release" -eq 11 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.stpl ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-74.tpl fi +if [ "$release" -eq 12 ]; then + echo "== Symlink missing templates" + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl + ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl + + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.sh /usr/local/vesta/data/templates/web/apache2/default.sh + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl + ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl + + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl + ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl +fi echo "== Set nameservers address" sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg @@ -1045,12 +1104,17 @@ $VESTA/bin/v-change-sys-hostname $servername 2>/dev/null echo "== Generating myVesta unsigned SSL certificate" $VESTA/bin/v-generate-ssl-cert $(hostname) $email 'US' 'California' \ - 'San Francisco' 'Vesta Control Panel' 'IT' > /tmp/vst.pem + 'San Francisco' 'myVesta Control Panel' 'IT' > /tmp/vst.pem # Parsing certificate file crt_end=$(grep -n "END CERTIFICATE-" /tmp/vst.pem |cut -f 1 -d:) -key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) -key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) +if [ "$release" -lt 12 ]; then + key_start=$(grep -n "BEGIN RSA" /tmp/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END RSA" /tmp/vst.pem |cut -f 1 -d:) +else + key_start=$(grep -n "BEGIN PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:) + key_end=$(grep -n "END PRIVATE KEY" /tmp/vst.pem |cut -f 1 -d:) +fi cd $VESTA/ssl sed -n "1,${crt_end}p" /tmp/vst.pem > certificate.crt @@ -1070,7 +1134,9 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + if [ "$release" -lt 12 ]; then + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ + fi cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ @@ -1134,7 +1200,13 @@ fi if [ "$phpfpm" = 'yes' ]; then echo "=== Configure PHP-FPM" - if [ "$release" -eq 11 ]; then + if [ "$release" -eq 12 ]; then + cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf + #update-rc.d php8.2-fpm defaults + currentservice='php8.2-fpm' + ensure_startup $currentservice + ensure_start $currentservice + elif [ "$release" -eq 11 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/7.4/fpm/pool.d/www.conf #update-rc.d php7.4-fpm defaults currentservice='php7.4-fpm' @@ -1207,6 +1279,12 @@ if [ "$proftpd" = 'yes' ]; then currentservice='proftpd' ensure_startup $currentservice ensure_start $currentservice + + # Temporary ProFTPD fix for Debian12 + if [ "$release" -eq 12 ]; then + systemctl disable --now proftpd.socket + systemctl enable --now proftpd.service + fi fi @@ -1304,8 +1382,11 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi - if [ "$release" -eq 11 ]; then + if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" # Set config and log directory sed -i "s|define('CONFIG_DIR', '');|define('CONFIG_DIR', '/etc/phpmyadmin/');|" /usr/share/phpmyadmin/libraries/vendor_config.php @@ -1321,6 +1402,9 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php + + # disable root login + echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi @@ -1338,10 +1422,12 @@ if [ "$postgresql" = 'yes' ]; then sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + if [ "$release" -lt 12 ]; then + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ + fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1362,7 +1448,7 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - service apparmor restart + systemctl restart apparmor # fi fi # update-rc.d bind9 defaults @@ -1383,6 +1469,10 @@ if [ "$exim" = 'yes' ]; then cp -f $vestacp/exim/spam-blocks.conf /etc/exim4/ cp -f $vestacp/exim/deny_senders /etc/exim4/ touch /etc/exim4/white-blocks.conf + touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_email_account_max_recipients + touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour + touch /etc/exim4/limit_per_hosting_account_max_recipients if [ "$spamd" = 'yes' ]; then sed -i "s/#SPAM/SPAM/g" /etc/exim4/exim4.conf.template @@ -1391,6 +1481,12 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi + # Generating SRS KEY - the code is taken from HestiaCP + srs=$(gen_pass 16) + echo $srs > /etc/exim4/srs.conf + chmod 640 /etc/exim4/srs.conf + chown root:Debian-exim /etc/exim4/srs.conf + chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains @@ -1405,7 +1501,8 @@ if [ "$exim" = 'yes' ]; then #update-rc.d exim4 defaults currentservice='exim4' ensure_startup $currentservice - ensure_start $currentservice + systemctl restart $currentservice + # ensure_start $currentservice fi @@ -1475,12 +1572,33 @@ fi if [ "$spamd" = 'yes' ]; then echo "=== Configure SpamAssassin" #update-rc.d spamassassin defaults - sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin + if [ "$release" -lt 12 ]; then + sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin + currentservice='spamassassin' + else + currentservice='spamd' + fi + + echo "=== Creating spamassassin /nonexistent folder" + mkdir /nonexistent + mkdir /nonexistent/.spamassassin + chown -R nobody:debian-spamd /nonexistent + + echo "=== Patching spamassassin dns_server" + sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf + + echo "== Adding myVesta rules to SpamAssassin" + cat < /etc/spamassassin/myvesta.cf +score RCVD_IN_RP_SAFE 0 +score RCVD_IN_RP_CERTIFIED 0 +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf - currentservice='spamassassin' ensure_startup $currentservice - # ensure_start $currentservice - systemctl restart spamassassin + systemctl restart $currentservice fi @@ -1518,14 +1636,12 @@ if [ "$exim" = 'yes' ] && { [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; } the /etc/roundcube/plugins/password/config.inc.php mysql roundcube < /usr/share/dbconfig-common/data/roundcube/install/mysql chmod a+r /etc/roundcube/main.inc.php - if [ "$release" -eq 8 ] || [ "$release" -eq 9 ] || [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then - mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php - mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/debian-db-roundcube.php - chmod 640 /etc/roundcube/config.inc.php - chown root:www-data /etc/roundcube/debian-db-roundcube.php - chown root:www-data /etc/roundcube/config.inc.php - fi + mv -f /etc/roundcube/main.inc.php /etc/roundcube/config.inc.php + mv -f /etc/roundcube/db.inc.php /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/debian-db-roundcube.php + chmod 640 /etc/roundcube/config.inc.php + chown root:www-data /etc/roundcube/debian-db-roundcube.php + chown root:www-data /etc/roundcube/config.inc.php sed -i "s#^\$config\['smtp_user'\].*#\$config\['smtp_user'\] = '%u';#g" /etc/roundcube/defaults.inc.php sed -i "s#^\$config\['smtp_pass'\].*#\$config\['smtp_pass'\] = '%p';#g" /etc/roundcube/defaults.inc.php if [ "$release" -eq 8 ]; then @@ -1582,6 +1698,27 @@ if [ "$fail2ban" = 'yes' ]; then fline=$(echo "$fline" |grep enabled |tail -n1 |cut -f 1 -d -) sed -i "${fline}s/false/true/" /etc/fail2ban/jail.local fi + if [ ! -e /var/log/auth.log ]; then + # Debian workaround: auth logging was moved to systemd + # We took this fix from HestiaCP + touch /var/log/auth.log + chmod 640 /var/log/auth.log + chown root:adm /var/log/auth.log + fi + if [ "$proftpd" = 'yes' ]; then + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fi + #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice @@ -1594,7 +1731,7 @@ fi #----------------------------------------------------------# echo "=== Configure Admin User" -if [ "$release" -eq 11 ]; then +if [ "$release" -gt 10 ]; then echo "=== Switching to sha512" sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password fi @@ -1728,6 +1865,19 @@ if [ "$release" -eq 11 ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi fi +if [ "$release" -eq 12 ]; then + if [ -f "/etc/php/8.2/fpm/pool.d/$servername.conf" ]; then + echo "== FPM pool.d $servername tweaks" + sed -i "/^group =/c\group = www-data" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|80M|800M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + sed -i "s|256M|512M|g" /etc/php/8.2/fpm/pool.d/$servername.conf + service php8.2-fpm restart + ln -s /var/lib/roundcube /var/lib/roundcube/webmail + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' + fi +fi echo "== Adding cron jobs" command="sudo $VESTA/bin/v-update-sys-queue disk" @@ -1787,6 +1937,9 @@ fi if [ "$release" -eq 11 ]; then apt-get -y install php7.4-apcu php7.4-mbstring php7.4-bcmath php7.4-curl php7.4-gd php7.4-intl php7.4-mysql php7.4-mysqlnd php7.4-pdo php7.4-soap php7.4-json php7.4-xml php7.4-zip php7.4-memcache php7.4-memcached php7.4-zip php7.4-imagick php7.4-imap fi +if [ "$release" -eq 12 ]; then + apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap +fi touch /var/log/php-mail.log chmod a=rw /var/log/php-mail.log @@ -1835,6 +1988,13 @@ if [ "$release" -eq 11 ]; then service php7.4-fpm restart fi +if [ "$release" -eq 12 ]; then + echo "=== Patching php8.2" + patch /etc/php/8.2/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch + update-alternatives --set php /usr/bin/php8.2 + service php8.2-fpm restart +fi + # echo "=== Patching rcube_vcard.php" # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch @@ -1912,6 +2072,7 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl +touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed # Secret URL secretquery='' @@ -1926,18 +2087,24 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi -echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf -if [ "$release" -eq 10 ] || [ "$release" -eq 11 ]; then +if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" + echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf fi -echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "================================================================" +echo "=== Adding FileManager license to vesta.conf" +echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf # Removing old PHP sessions files -crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - +touch /var/spool/cron/crontabs/root +echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root + +if [ -f "/root/.bash_profile" ]; then + echo "=== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile +fi #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/for-download/nginx/nginx-deb12.conf b/src/deb/for-download/nginx/nginx-deb12.conf new file mode 100644 index 00000000..cf236824 --- /dev/null +++ b/src/deb/for-download/nginx/nginx-deb12.conf @@ -0,0 +1,128 @@ +user admin; +worker_processes 1; +error_log /usr/local/vesta/log/nginx-error.log; +pid /var/run/vesta-nginx.pid; + +events { + worker_connections 128; + use epoll; +} + +http { + # Main settings + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_header_timeout 1m; + client_body_timeout 3m; + client_header_buffer_size 2k; + client_body_buffer_size 256k; + client_max_body_size 256m; + large_client_header_buffers 4 8k; + send_timeout 30; + keepalive_timeout 60 60; + reset_timedout_connection on; + server_tokens off; + server_name_in_redirect off; + server_names_hash_max_size 512; + server_names_hash_bucket_size 512; + + + # Log format + log_format main '$remote_addr - $remote_user [$time_local] $request ' + '"$status" $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + log_format bytes '$body_bytes_sent'; + access_log /usr/local/vesta/log/nginx-access.log main; + + + # SSL PCI Compliance + ssl_protocols TLSv1.1 TLSv1.2; + ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; + ssl_session_cache shared:SSL:10m; + ssl_prefer_server_ciphers on; + + + # Mime settings + include /usr/local/vesta/nginx/conf/mime.types; + default_type application/octet-stream; + + + # Compression + gzip on; + gzip_comp_level 9; + gzip_min_length 512; + gzip_buffers 8 64k; + gzip_types text/plain text/css text/javascript + application/x-javascript application/javascript; + gzip_proxied any; + + + # Proxy settings + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass_header Set-Cookie; + proxy_connect_timeout 90; + proxy_send_timeout 90; + proxy_read_timeout 90; + proxy_buffers 32 4k; + fastcgi_read_timeout 300; + + # Error pages + error_page 403 /error/403.html; + error_page 404 /error/404.html; + error_page 502 503 504 /error/50x.html; + + + # Vhost + server { + listen 8083 ssl; + server_name _; + root /usr/local/vesta/web; + charset utf-8; + + # Fix error "The plain HTTP request was sent to HTTPS port" + error_page 497 https://$host:$server_port$request_uri; + + # ssl on; + ssl_certificate /usr/local/vesta/ssl/certificate.crt; + ssl_certificate_key /usr/local/vesta/ssl/certificate.key; + ssl_session_cache shared:SSL:10m; + ssl_session_timeout 10m; + + error_page 404 /error/404/index.html; + error_page 403 /error/index.html; + error_page 500 /error/index.html; + + location / { + expires max; + index index.php; + } + + location /error/ { + expires max; + index index.html; + } + + location /rrd/ { + expires off; + internal; + } + + location /backup/ { + root /; + internal; + } + + location ~ \.php$ { + include /usr/local/vesta/nginx/conf/fastcgi_params; + fastcgi_param SCRIPT_FILENAME /usr/local/vesta/web/$fastcgi_script_name; + fastcgi_param QUERY_STRING $query_string; + fastcgi_pass unix:/var/run/vesta-php.sock; + fastcgi_intercept_errors on; + break; + } + } +} diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl index eb5631db..a24b368f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl index cd4e797d..55bc8233 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-56.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl index 38285302..5d944c0f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl index 7d30d39c..c9378152 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-70.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl index c5d284f7..a718b21f 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl index 695b9937..9f0cf8a7 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-71.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl index 2b4363b4..20792e92 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl index be2ca7ae..89b19147 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-72.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl index 9660c234..39777224 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl index 892c0d1f..b6e306d7 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl index 28224413..902d647a 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl index 7bec5e73..40df2629 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-73.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl index fdbc26f9..739cb48d 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl index 614f20c3..f31ed5a8 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl index df607247..fbc1d9c6 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl index 7b6e2cb5..aaf8f62c 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-74.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl index 4ce4b993..b1335a44 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl index 41a5d506..1b0a610c 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl index f39e9631..fae336fc 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl index b9e32f14..64699c22 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-80.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl index 0d6404ec..4116fd42 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl index f2814063..ee319a20 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl index fb191d03..5822a27a 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl index 1a02ec15..7864b3a4 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-81.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch # # RMode config diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl index 6afebb6e..809e7f33 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl index 03e67a3d..679d1409 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82-public.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl index ed39fad4..e0d04794 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.stpl @@ -17,7 +17,7 @@ AllowOverride All SSLRequireSSL - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch SSLEngine on SSLVerifyClient none diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl index 789ee9d3..eba95935 100644 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-82.tpl @@ -16,7 +16,7 @@ AllowOverride All - Options +Includes -Indexes +ExecCGI + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh new file mode 100644 index 00000000..f5e7c6fd --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh @@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl new file mode 100644 index 00000000..cceed0ee --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl new file mode 100644 index 00000000..ac952817 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh new file mode 100644 index 00000000..f5e7c6fd --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh @@ -0,0 +1,126 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.3-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_83" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_83) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi +if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.3/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl new file mode 100644 index 00000000..f043bfa8 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl new file mode 100644 index 00000000..9b5bf916 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl new file mode 100644 index 00000000..91e05b17 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl new file mode 100644 index 00000000..94acbf15 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot%/public + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh new file mode 100644 index 00000000..cbea2de9 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# Adding php pool conf +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +pool_conf="[$2] + +listen = /run/php/php8.4-fpm-$2.sock +listen.owner = $1 +listen.group = $1 +listen.mode = 0666 + +user = $1 +group = $1 + +pm = ondemand +pm.max_children = 8 +request_terminate_timeout = 360s +pm.max_requests = 4000 +pm.process_idle_timeout = 10s +pm.status_path = /status + +php_admin_value[upload_tmp_dir] = /home/$1/tmp +php_admin_value[session.save_path] = /home/$1/tmp +php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube +php_admin_value[upload_max_filesize] = 800M +php_admin_value[max_execution_time] = 300 +php_admin_value[post_max_size] = 800M +php_admin_value[memory_limit] = 512M +php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" +php_admin_flag[mysql.allow_persistent] = off +php_admin_flag[safe_mode] = off + +env[PATH] = /usr/local/bin:/usr/bin:/bin +env[TMP] = /home/$1/tmp +env[TMPDIR] = /home/$1/tmp +env[TEMP] = /home/$1/tmp +" + +pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" +pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" +pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" +pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" +pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" +pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" +pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" +pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" +pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" +pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" +pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" + +if [ -f "$pool_file_56" ]; then + rm $pool_file_56 + systemctl reset-failed php5.6-fpm + systemctl restart php5.6-fpm +fi + +if [ -f "$pool_file_70" ]; then + rm $pool_file_70 + systemctl reset-failed php7.0-fpm + systemctl restart php7.0-fpm +fi + +if [ -f "$pool_file_71" ]; then + rm $pool_file_71 + systemctl reset-failed php7.1-fpm + systemctl restart php7.1-fpm +fi + +if [ -f "$pool_file_72" ]; then + rm $pool_file_72 + systemctl reset-failed php7.2-fpm + systemctl restart php7.2-fpm +fi + +if [ -f "$pool_file_73" ]; then + rm $pool_file_73 + systemctl reset-failed php7.3-fpm + systemctl restart php7.3-fpm +fi + +if [ -f "$pool_file_74" ]; then + rm $pool_file_74 + systemctl reset-failed php7.4-fpm + systemctl restart php7.4-fpm +fi + +if [ -f "$pool_file_80" ]; then + rm $pool_file_80 + systemctl reset-failed php8.0-fpm + systemctl restart php8.0-fpm +fi + +if [ -f "$pool_file_81" ]; then + rm $pool_file_81 + systemctl reset-failed php8.1-fpm + systemctl restart php8.1-fpm +fi + +if [ -f "$pool_file_82" ]; then + rm $pool_file_82 + systemctl reset-failed php8.2-fpm + systemctl restart php8.2-fpm +fi + +if [ -f "$pool_file_83" ]; then + rm $pool_file_83 + systemctl reset-failed php8.3-fpm + systemctl restart php8.3-fpm +fi + +write_file=0 +if [ ! -f "$pool_file_84" ]; then + write_file=1 +else + user_count=$(grep -c "/home/$1/" $pool_file_84) + if [ $user_count -eq 0 ]; then + write_file=1 + fi +fi +if [ $write_file -eq 1 ]; then + echo "$pool_conf" > $pool_file_84 + systemctl reset-failed php8.4-fpm + systemctl restart php8.4-fpm +fi +if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then + rm /etc/php/8.4/fpm/pool.d/www.conf +fi + +exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl new file mode 100644 index 00000000..848abf7c --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl @@ -0,0 +1,36 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %sdocroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + SSLRequireSSL + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + SSLEngine on + SSLVerifyClient none + SSLCertificateFile %ssl_crt% + SSLCertificateKeyFile %ssl_key% + %ssl_ca_str%SSLCertificateChainFile %ssl_ca% + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl new file mode 100644 index 00000000..065c1f89 --- /dev/null +++ b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl @@ -0,0 +1,30 @@ + + + ServerName %domain_idn% + %alias_string% + ServerAdmin %email% + DocumentRoot %docroot% + ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ + Alias /vstats/ %home%/%user%/web/%domain%/stats/ + Alias /error/ %home%/%user%/web/%domain%/document_errors/ + #SuexecUserGroup %user% %group% + CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes + CustomLog /var/log/%web_system%/domains/%domain%.log combined + ErrorLog /var/log/%web_system%/domains/%domain%.error.log + + AllowOverride All + + + AllowOverride All + Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch + + + + SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" + + SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 + + IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* + + + diff --git a/src/deb/for-download/tools/default-pool.d/8.3/www.conf b/src/deb/for-download/tools/default-pool.d/8.3/www.conf new file mode 100644 index 00000000..f18939a3 --- /dev/null +++ b/src/deb/for-download/tools/default-pool.d/8.3/www.conf @@ -0,0 +1,490 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of the child processes. This can be used only if the master +; process running user is root. It is set after the child process is created. +; The user and group can be specified either by their name or by their numeric +; IDs. +; Note: If the user is root, the executable needs to be started with +; --allow-to-run-as-root option to work. +; Default Values: The user is set to master process running user by default. +; If the group is not set, the user's group is used. +user = www-data +group = www-data + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /run/php/php8.3-fpm.sock + +; Set listen(2) backlog. +; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: Owner is set to the master process running user. If the group +; is not set, the owner's group is used. Mode is set to 0660. +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Set the associated the route table (FIB). FreeBSD only +; Default Value: -1 +;listen.setfib = 1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or +; PROC_TRACE_CTL procctl for FreeBSD) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php/8.3/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; A list of request_uri values which should be filtered from the access log. +; +; As a security precuation, this setting will be ignored if: +; - the request method is not GET or HEAD; or +; - there is a request body; or +; - there are query parameters; or +; - the response code is outwith the successful range of 200 to 299 +; +; Note: The paths are matched against the output of the access.format tag "%r". +; On common configurations, this may look more like SCRIPT_NAME than the +; expected pre-rewrite URI. +; +; Default Value: not set +;access.suppress_path[] = /ping +;access.suppress_path[] = /health_check.php + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/$pool.log.slow + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh index e325754e..94762505 100644 --- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -35,18 +35,35 @@ fi TESTOPT="" if [[ $TEST -eq 1 ]]; then - TESTOPT="--justlogin" + TESTOPT="--justlogin" fi if [ ! -d "accounts" ]; then mkdir accounts fi if [ -f "accounts/$EMAIL" ]; then - echo "********* $EMAIL ALREADY EXISTS !!! ************" + echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" exit 1; exit fi +euser=$(echo $EMAIL | cut -d '@' -f 1) +domain=$(echo $EMAIL | cut -d '@' -f 2) +user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) +if [ "$user" != "" ]; then + echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" + if [ ! -d "/home/$user/mail/$domain" ]; then + echo "======= Creating '$domail' in MAIL section" + /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" + fi + if [ ! -d "/home/$user/mail/$domain/$euser" ]; then + echo "======= Creating '$euser' mail account for domain '$domain'" + /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" + echo "" + fi +fi + + echo "Writing to: accounts/$EMAIL" echo "#!/bin/bash @@ -67,21 +84,20 @@ exit; chmod a=rwx accounts/$EMAIL if [[ $TEST -eq 0 ]]; then - exit 0; + exit 0; fi accounts/$EMAIL RET=$? if [ $RET -eq 0 ]; then - # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" - sed -i "s/--justlogin//g" accounts/$EMAIL - echo "--- OK! ---" - echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log else - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - rm accounts/$EMAIL + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL + read -p "=== Press ENTER to continue ===" entered fi exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh new file mode 100644 index 00000000..ac0c42f4 --- /dev/null +++ b/src/deb/for-download/tools/imapsync/import-from-file.sh @@ -0,0 +1,56 @@ +#!/bin/bash +# +# This script reads email and password=s in following format: +# email1 pass +# email2 pass +# email3 pass + +# The first parameter is the text file from which we read emails and passwords +# The second parameter is SMTP Hostname +# The third parameter is domain if lines contains only username part + + +host='' +if [ $# -gt 1 ]; then + host=$2 +else + echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" + exit 1; +fi + +domain='' +if [ $# -gt 2 ]; then + domain=$3 +fi + +end_of_file=0 +while [[ $end_of_file == 0 ]]; do + + read -r line + end_of_file=$? + + if [ "$line" == "" ]; then + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + continue + fi + + email=$(echo "$line" | awk '{print $1}') + pass=$(echo "$line" | awk '{print $2}') + + if [[ $email != *"@"* ]]; then + email="$email@$domain" + fi + + echo "Extracted: '$email' = '$pass'" + + ./create-mail-sync.sh "$host" "$email" "$pass" + + if [[ $end_of_file == 1 ]]; then + echo "===EOF===" + break; + fi + +done < $1 diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 6311563e..0f6a343a 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.0' +VERSION='1.6.6' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' @@ -140,6 +140,27 @@ if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-74.tpl" ]; then apt install -y php7.4-imap echo "================================" fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-80.tpl" ]; then + echo "================================" + echo "== Installing php8.0-imap module" + apt update + apt install -y php8.0-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-81.tpl" ]; then + echo "================================" + echo "== Installing php8.1-imap module" + apt update + apt install -y php8.1-imap + echo "================================" +fi +if [ -f "/usr/local/vesta/data/templates/web/apache2/PHP-FPM-82.tpl" ]; then + echo "================================" + echo "== Installing php8.2-imap module" + apt update + apt install -y php8.2-imap + echo "================================" +fi echo "-------------------------------------" echo "Go to:" @@ -147,6 +168,7 @@ echo "https://${DOMAIN}/installer/" echo "... and finish the Roundcube installation." echo "" echo "You will be asked for:" +echo "Database host: localhost" echo "Database user: $DATABASE_NAME" echo "Database name: $DATABASE_NAME" echo "Database pass: $DATABASE_PASSWORD" @@ -175,17 +197,19 @@ if [ -d "/home/$USER/web/$DOMAIN/public_html/plugins/password" ]; then cp /usr/share/roundcube/plugins/password/drivers/vesta.php /home/$USER/web/$DOMAIN/public_html/plugins/password/drivers/vesta.php fi -wget -nv https://c.myvestacp.com/tools/roundcube-filters.tgz -O /root/roundcube-filters.tgz -tar --directory /home/$USER/web/$DOMAIN/public_html/plugins -xzf /root/roundcube-filters.tgz +# wget -nv https://c.myvestacp.com/tools/roundcube-filters.tgz -O /root/roundcube-filters.tgz +# tar --directory /home/$USER/web/$DOMAIN/public_html/plugins -xzf /root/roundcube-filters.tgz +# sed -i "s/\$config\['plugins'\] = \[/\$config['plugins'] = ['filters', /g" /home/$USER/web/$DOMAIN/public_html/config/config.inc.php -sed -i "s/\$config\['plugins'\] = \[/\$config['plugins'] = ['filters', /g" /home/$USER/web/$DOMAIN/public_html/config/config.inc.php echo "\$config['session_lifetime'] = 1080;" >> /home/$USER/web/$DOMAIN/public_html/config/config.inc.php fix_ownership -check_grep=$(grep -c 'color: white; font-size: 12pt' /usr/share/roundcube/skins/larry/templates/login.html) -if [ "$check_grep" -eq 0 ]; then - sed -i "s||

$LOGINMESSAGE1
$LOGINMESSAGE2


\n\n|g" /usr/share/roundcube/skins/larry/templates/login.html +if [ -f "/usr/share/roundcube/skins/larry/templates/login.html" ]; then + check_grep=$(grep -c 'color: white; font-size: 12pt' /usr/share/roundcube/skins/larry/templates/login.html) + if [ "$check_grep" -eq 0 ]; then + sed -i "s||

$LOGINMESSAGE1
$LOGINMESSAGE2


\n\n|g" /usr/share/roundcube/skins/larry/templates/login.html + fi fi check_grep=$(grep -c 'MAIL_URL=' /usr/local/vesta/conf/vesta.conf) diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index 20364f80..ca1f8b2a 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh @@ -1,5 +1,12 @@ #!/bin/bash +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl + echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 @@ -17,9 +24,6 @@ fi cd rocket-nginx cp rocket-nginx.ini.disabled rocket-nginx.ini php rocket-parser.php -/usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' - -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl +if [ -f "/etc/nginx/rocket-nginx/conf.d/default.conf" ]; then + /usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' +fi diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index 764f56cf..aa1b7353 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -13,6 +13,8 @@ inst_74=0 inst_80=0 inst_81=0 inst_82=0 +inst_83=0 +inst_84=0 ####################################################################### @@ -56,8 +58,14 @@ fi if [ $# -gt 9 ]; then inst_82=${10} fi +if [ $# -gt 10 ]; then + inst_83=${11} +fi +if [ $# -gt 11 ]; then + inst_84=${12} +fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then inst_repo=1 fi @@ -87,6 +95,8 @@ echo "inst_74=$inst_74" echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" +echo "inst_83=$inst_83" +echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" @@ -95,21 +105,20 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg - if [ $debian_version -eq 8 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ jessie main" > /etc/apt/sources.list.d/php.list' - fi - if [ $debian_version -eq 9 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ stretch main" > /etc/apt/sources.list.d/php.list' - fi - if [ $debian_version -eq 10 ]; then - sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + if [ $debian_version -ge 11 ]; then + wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi + # if [ $debian_version -eq 10 ]; then + # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + # fi if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi + if [ $debian_version -eq 12 ]; then + sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' + fi apt update - apt upgrade -y + # apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi @@ -341,9 +350,63 @@ if [ "$inst_82" -eq 1 ]; then press_enter "=== PHP 8.2 installed, press enter to continue ===============================================================================" fi +if [ "$inst_83" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.3 ===============================================================================" + apt -y install php8.3-mbstring php8.3-bcmath php8.3-cli php8.3-curl php8.3-fpm php8.3-gd php8.3-intl php8.3-mysql php8.3-soap php8.3-xml php8.3-zip php8.3-memcache php8.3-memcached php8.3-imagick + update-rc.d php8.3-fpm defaults + a2enconf php8.3-fpm + a2dismod php8.3 + apt-get -y remove libapache2-mod-php8.3 + systemctl restart apache2 + cp -r /etc/php/8.3/ /root/vst_install_backups/php8.3/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh + echo "=== Patching php.ini for php8.3" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.3.patch + patch /etc/php/8.3/fpm/php.ini < /root/php8.3.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.3/fpm/php.ini + fi + service php8.3-fpm restart + press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" +fi -apt update > /dev/null 2>&1 -apt upgrade -y > /dev/null 2>&1 +if [ "$inst_84" -eq 1 ]; then + press_enter "=== Press enter to install PHP 8.4 ===============================================================================" + apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick + update-rc.d php8.4-fpm defaults + a2enconf php8.4-fpm + a2dismod php8.4 + apt-get -y remove libapache2-mod-php8.4 + systemctl restart apache2 + cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl + wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh + chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh + echo "=== Patching php.ini for php8.4" + wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch + patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch + if [ $memory -gt 9999999 ]; then + sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini + fi + service php8.4-fpm restart + press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" +fi + + +# apt update > /dev/null 2>&1 +# apt upgrade -y > /dev/null 2>&1 if [ $debian_version -ge 10 ]; then a2dismod ruid2 > /dev/null 2>&1 @@ -357,8 +420,44 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.0 > /dev/null 2>&1 a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 + a2dismod php8.3 > /dev/null 2>&1 + a2dismod php8.4 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 service apache2 restart fi + +if [ -f "/usr/share/phpgate/phpgate.php" ]; then + echo "=== upgrading phpgate" + /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q' + echo "=== upgrading phpgate done." + echo "" +fi + +if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then + echo "=== upgrading tailf_apache_error.php" + wget -nv http://dl.myvestacp.com/vesta/tailf.php -O /usr/local/bin/tailf.php + wget -nv http://dl.myvestacp.com/vesta/tailf_apache_error.php -O /usr/local/bin/tailf_apache_error.php + wget -nv http://dl.myvestacp.com/vesta/see-apache-processlist-once.sh -O /usr/local/bin/see-apache-processlist-once.sh + wget -nv http://dl.myvestacp.com/vesta/see-mysql-processlist-once.sh -O /usr/local/bin/see-mysql-processlist-once.sh + chmod u+x /usr/local/bin/see-apache-processlist-once.sh + chmod u+x /usr/local/bin/see-mysql-processlist-once.sh + + # ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # echo $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') + sleep 1 + # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" + # sleep 1 + nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & + echo "=== upgrading tailf_apache_error.php done." + sleep 3 + echo "" +fi + +# Fixing php.ini files to have the correct disable_functions line +/usr/local/vesta/bin/v-fix-php-ini-disable-functions + +echo "Everything done." +echo "" diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl new file mode 100644 index 00000000..7597746c --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl @@ -0,0 +1,56 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # #ssl_on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + + # BEGIN SMUSH-WEBP + location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { + root %sdocroot%; + add_header Vary Accept; + expires max; + set $image_path $2; + if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { + break; + } + if ($http_accept !~* "webp") { + break; + } + # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; + try_files /wp-content/smush-webp/$image_path.webp $uri =404; + } + # END SMUSH-WEBP + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/snginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl new file mode 100644 index 00000000..7e408254 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl @@ -0,0 +1,52 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + proxy_pass http://%ip%:%web_port%; + + # BEGIN SMUSH-WEBP + location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { + root %sdocroot%; + add_header Vary Accept; + expires max; + set $image_path $2; + if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { + break; + } + if ($http_accept !~* "webp") { + break; + } + # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; + try_files /wp-content/smush-webp/$image_path.webp $uri =404; + } + # END SMUSH-WEBP + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl new file mode 100644 index 00000000..3bed6ce3 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl @@ -0,0 +1,87 @@ +server { + listen %ip%:%proxy_ssl_port% ssl; + http2 on; + server_name %domain_idn% %alias_idn%; + root %sdocroot%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + set $cache_uri $request_uri; + set $caching 'ON'; + + # POST requests and urls with a query string should always go to PHP + if ($request_method = POST) { + set $caching 'OFF'; + } + + if ($query_string ~* "(fb_action_ids=|fb_action_types=|fb_source=|fbclid=|utm_source=|utm_campaign=|utm_medium=|utm_expid=|utm_term=|utm_content=|utm_id=|utm_source_platform=|utm_creative_format=|utm_marketing_tactic=|_ga=|gclid=|campaignid=|adgroupid=|adid=|gbraid=|wbraid=|_gl=|gclsrc=|gdfms=|gdftrk=|gdffi=|_ke=|_kx=|trk_contact=|trk_msg=|trk_module=|trk_sid=|mc_cid=|mc_eid=|mkwid=|pcrid=|mtm_source=|mtm_medium=|mtm_campaign=|mtm_keyword=|mtm_cid=|mtm_content=|msclkid=|epik=|pp=|pk_source=|pk_medium=|pk_campaign=|pk_keyword=|pk_cid=|pk_content=|redirect_log_mongo_id=|redirect_mongo_id=|sb_referer_host=)") { + set $query_string_cachable 1; + } + + if ($query_string != "") { + set $query_string_cacheable 1$query_string_cacheable; + } + + if ($query_string_cacheable = 11) { + set $caching 'ON'; + } + + if ($query_string_cacheable = 1) { + set $caching 'OFF'; + } + + # Don't cache uris containing the following segments + if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0–9_-]+-sitemap([0–9]+)?.xml)") { + set $caching 'OFF'; + } + + # Don't use the cache for logged-in users or recent commenters + if ($http_cookie ~* "comment_author|wordpress_[a-f0–9]+|wp-postpass|wordpress_logged_in") { + set $caching 'OFF'; + } + + if ($caching = 'ON') { + set $cachefile "/wp-content/cache/supercache/$http_host/$cache_uri/index-https.html"; + set $cachestatus 'HIT'; + } + + if ($caching = 'OFF') { + set $cachestatus 'MISS'; + } + + add_header X-Cache-Status $cachestatus; + add_header X-Cache-File $cachefile; + + location / { + try_files $cachefile @fallback; + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index d66f80be..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,53 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port%; - server_name %domain_idn% %alias_idn%; - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index 27dd354b..1387a879 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index d66f80be..f49e99dc 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,53 +1,54 @@ -server { - listen %ip%:%proxy_ssl_port%; - server_name %domain_idn% %alias_idn%; - ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - +server { + listen %ip%:%proxy_ssl_port% ssl; + server_name %domain_idn% %alias_idn%; + # ssl on; + # http2 on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index d8a23009..70fa2866 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index a6a0b744..415b6f9c 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -1,7 +1,8 @@ server { - listen %ip%:%proxy_ssl_port%; + listen %ip%:%proxy_ssl_port% ssl; server_name %domain_idn% %alias_idn%; - ssl on; + # ssl on; + # http2 on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/patches/exim_forwarding.patch b/src/deb/for-download/tools/patches/exim_forwarding.patch index 1fa6d408..dcefe327 100644 --- a/src/deb/for-download/tools/patches/exim_forwarding.patch +++ b/src/deb/for-download/tools/patches/exim_forwarding.patch @@ -6,7 +6,7 @@ + warn !authenticated = * + hosts = !+relay_from_hosts -+ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/$domain/aliases}{true}{false}} ++ condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} + set acl_m3 = yes + deny message = Restricted characters in address diff --git a/src/deb/for-download/tools/patches/exim_helo_authenticated.patch b/src/deb/for-download/tools/patches/exim_helo_authenticated.patch new file mode 100644 index 00000000..9dd8dbad --- /dev/null +++ b/src/deb/for-download/tools/patches/exim_helo_authenticated.patch @@ -0,0 +1,14 @@ +--- /etc/exim4/exim4.conf.template.orig 2023-04-12 19:05:20.745847763 +0200 ++++ /etc/exim4/exim4.conf.template 2023-04-12 19:34:29.000000000 +0200 +@@ -94 +94,2 @@ +- drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid ++ drop !authenticated = * ++ message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid +@@ -100 +101,2 @@ +- drop condition = ${if isip{$sender_helo_name}} ++ drop !authenticated = * ++ condition = ${if isip{$sender_helo_name}} +@@ -103 +105,2 @@ +- drop condition = ${if eq{[$interface_address]}{$sender_helo_name}} ++ drop !authenticated = * ++ condition = ${if eq{[$interface_address]}{$sender_helo_name}} diff --git a/src/deb/for-download/tools/patches/fix-fpm-poold.sh b/src/deb/for-download/tools/patches/fix-fpm-poold.sh index 94566768..311ef9cd 100644 --- a/src/deb/for-download/tools/patches/fix-fpm-poold.sh +++ b/src/deb/for-download/tools/patches/fix-fpm-poold.sh @@ -16,10 +16,10 @@ if [ -d "/etc/php" ]; then find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" - OLDVAL='pm.max_children = 8' + OLDVAL='pm.max_children = ' NEWVAL='pm.max_children = 3' - find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" - find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" OLDVAL='request_terminate_timeout = ' NEWVAL='request_terminate_timeout = 360s' diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch index 1083a720..ed127499 100644 --- a/src/deb/for-download/tools/patches/php8.2.patch +++ b/src/deb/for-download/tools/patches/php8.2.patch @@ -5,7 +5,7 @@ ; It receives a comma-delimited list of function names. ; https://php.net/disable-functions -disable_functions = -+ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ++disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ; This directive allows you to disable certain classes. ; It receives a comma-delimited list of class names. diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl index d770ac6a..1f67154e 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl index a2f7f9f2..dfd00270 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl index 6118fa82..6d632713 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl new file mode 100644 index 00000000..b263d6b5 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl index b4468a6a..db6ab623 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl index df269ad4..8435a72b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl index 13657bd3..2cc5c781 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 8; + limit_conn addr 9; + limit_conn zone_site 25; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl index 8e0a0f5a..856ebd56 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl index a4035844..5bf3fbf8 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 4; + limit_conn addr 7; + limit_conn zone_site 20; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl index 9649671d..5d42830f 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl index 9e0edcf8..e57dbd1a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; + limit_conn addr 5; + limit_conn zone_site 15; limit_req zone=one burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl new file mode 100644 index 00000000..5c3f22ac --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl new file mode 100644 index 00000000..44f6162c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 10; + limit_conn zone_site 30; + limit_req zone=one burst=28 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 48; + limit_conn zone_site 60; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=one burst=80 delay=14; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 16; + limit_conn zone_site 30; + limit_req zone=wfone burst=240; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl new file mode 100644 index 00000000..b263d6b5 --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl @@ -0,0 +1,95 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + # ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %sdocroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl new file mode 100644 index 00000000..7203b88c --- /dev/null +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl @@ -0,0 +1,92 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + location / { + error_page 418 = @wordfence_lh; + error_page 419 = @wordfence_route; + error_page 420 = @wordfence_sync; + + if ($request_uri ~ "^/\?wordfence_lh") { return 418; } + if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } + if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } + + limit_conn addr 5; + limit_conn zone_site 15; + limit_req zone=one burst=14 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-admin/ { + limit_conn addr 24; + limit_conn zone_site 30; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=one burst=40 delay=7; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_lh { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_route { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location @wordfence_sync { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location /wp-json/wordfence/ { + limit_conn addr 8; + limit_conn zone_site 15; + limit_req zone=wfone burst=120; + proxy_pass http://%ip%:%web_port%; + } + + location ~* ^.+\.(%proxy_extentions%)$ { + root %docroot%; + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + # try_files $uri @fallback; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass http://%ip%:%web_port%; + } + + location ~ /wp-config.php {return 404;} + location ~ /xmlrpc.php {return 404;} + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/nginx.%domain%.conf*; +} + diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl index 21acb34b..42bc195b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl @@ -7,7 +7,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl index 9438e532..177a71c6 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl @@ -4,7 +4,8 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 2; + limit_conn addr 3; + limit_conn zone_site 10; limit_req zone=one burst=7 delay=3; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8710008c..8f4d4e88 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -22,6 +22,18 @@ if [ "$grepc" -eq 1 ]; then echo "=== Decrease addr zone to 1mb to nginx.conf" fi +grepc=$(grep -c 'zone=zone_site:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'zone_site' to nginx.conf" +fi + +grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf) +if [ "$grepc" -eq 0 ]; then + sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf + echo "=== Added rate_limit 'wfone' to nginx.conf" +fi + grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf @@ -54,4 +66,14 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -service nginx restart +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl + +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl + +systemctl restart nginx diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl new file mode 100644 index 00000000..2a6a7671 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl @@ -0,0 +1,73 @@ +server { + listen %ip%:%proxy_ssl_port% ssl http2; + server_name %domain_idn% %alias_idn%; + + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + root %sdocroot%; + + # Serve WebP if browser supports it + location ~* ^/wp-content/.*\.(png|jpe?g)$ { + add_header Vary Accept; + expires 365d; + + if ($http_accept !~* "webp") { + break; + } + + try_files + /wp-content/webp-express/webp-images/doc-root/$uri.webp + $uri.webp + @webp_on_demand; + } + + # Route .webp requests to converter if not found + location @webp_on_demand { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow .webp passthrough (trigger php fallback if not found) + location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { + try_files + $uri + @webp_realizer; + } + + location @webp_realizer { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Allow PHP access to WebP Express WOD handler + location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { + proxy_pass https://%ip%:%web_ssl_port%; + } + + # Rocket-Nginx configuration + include rocket-nginx/conf.d/default.conf; + + location / { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location @fallback { + proxy_pass https://%ip%:%web_ssl_port%; + } + + location ~ /\.ht {return 404;} + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + disable_symlinks if_not_owner from=%docroot%; + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; +} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl new file mode 100644 index 00000000..5a463370 --- /dev/null +++ b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl @@ -0,0 +1,8 @@ +server { + listen %ip%:%proxy_port%; + server_name %domain_idn% %alias_idn%; + location / { + rewrite ^(.*) https://$host$1 permanent; + } +include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; +} diff --git a/src/deb/for-download/tools/spamassassin/barracuda.cf b/src/deb/for-download/tools/spamassassin/barracuda.cf index 4491d645..4d5aa0c4 100644 --- a/src/deb/for-download/tools/spamassassin/barracuda.cf +++ b/src/deb/for-download/tools/spamassassin/barracuda.cf @@ -1,15 +1,9 @@ header IN_BCUDA_RBL rbleval:check_rbl('bcuda', 'b.barracudacentral.org') describe IN_BCUDA_RBL Received via a relay listed by Barracuda BRBL tflags IN_BCUDA_RBL net +score RCVD_IN_BCUDA_RBL 1.00 -header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_results_for('bcuda', '127.0.0.2') +header RCVD_IN_BCUDA_RELAY rbleval:check_rbl_sub('bcuda', '127.0.0.2') describe RCVD_IN_BCUDA_RELAY BCUDA: relay ip is convicted spammer tflags RCVD_IN_BCUDA_RELAY net - -score RCVD_IN_BCUDA_RBL 1.00 -score RCVD_IN_BCUDA_RELAY 3.00 - -header IN_BCUDA_HOP rbleval:check_rbl('bcuda-notfirsthop', 'b.barracudacentral.org') -describe IN_BCUDA_HOP Received via a relay listed by Barracuda BRBL -tflags IN_BCUDA_HOP net -score RCVD_IN_BCUDA_HOP 1.00 +score RCVD_IN_BCUDA_RELAY 4.00 diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index bd92bd81..c62257d2 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright @@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. - - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. - -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. - -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. - -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. + +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. + + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. + +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. + +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. + +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. + +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/src/deb/latest.txt b/src/deb/latest.txt index 5e8393bb..c1732bff 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.8-26-62 +vesta-0.9.9-0-12 \ No newline at end of file diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 975d12cd..68252789 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,9 +25,116 @@ fi echo "1" > /usr/local/vesta/data/upgrades/show_changelog chmod a=rw /usr/local/vesta/data/upgrades/show_changelog +if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then + echo "== Adding FileManager license to vesta.conf" + echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf +fi + +if [ -f "/root/.bash_profile" ]; then + if ! grep -q "v-cd-www" /root/.bash_profile; then + echo "== Adding v-cd-www alias to root bash profile" + echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile + fi +fi + +# Adding myVesta rules to SpamAssassin +if [ -d "/etc/spamassassin" ]; then + spamassassin_modified=0 + if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then + touch /etc/spamassassin/myvesta.cf + fi + if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then + echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" + echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf + echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf + spamassassin_modified=1 + fi + if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then + echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" + cat <> /etc/spamassassin/myvesta.cf +score SPF_FAIL 3.0 +score SPF_SOFTFAIL 4.0 +score SPF_NONE 4.0 +EOF + spamassassin_modified=1 + fi + + if [ $spamassassin_modified -eq 1 ]; then + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + if [ $spamassassin_running -eq 1 ]; then + echo "== Restarting SpamAssassin" + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi + fi + fi +fi + +# Adding ProFTPD to Fail2Ban +if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then + if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then + echo "== Adding ProFTPD to Fail2Ban" + cat <> /etc/fail2ban/jail.local + +[proftpd] +enabled = true +filter = proftpd +action = vesta[name=FTP] +port = ftp,ftp-data,ftps,ftps-data +logpath = %(proftpd_log)s +backend = %(proftpd_backend)s +maxretry = 5 +EOF + fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') + if [ $fail2ban_running -eq 1 ]; then + echo "== Restarting Fail2Ban" + systemctl restart fail2ban + fi + fi +fi + +# Removing SpamHaus DNSBL +if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then + sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf + touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed +fi + +# Fixing 'dh key too small' in dovecot +if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then + if grep -q 'dh key too small' /var/log/dovecot.log.1; then + if ! grep -q 'dh.pem' /etc/dovecot/conf.d/10-ssl.conf; then + echo "== Fixing 'dh key too small' in dovecot" + echo "ssl_dh=> /etc/dovecot/conf.d/10-ssl.conf + systemctl restart dovecot + fi + fi +fi + +# Patching exim4.conf for: smtputf8_advertise_hosts +if [ "$release" -ge 11 ]; then + if [ -f "/etc/exim4/exim4.conf.template" ]; then + if ! grep -q 'smtputf8_advertise_hosts' /etc/exim4/exim4.conf.template; then + echo 'Patching exim4.conf for: smtputf8_advertise_hosts' + sed -i "/^domainlist local_domains/i smtputf8_advertise_hosts =" /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi + fi +fi + +# Patching exim4.conf for: Helo name contains a ip address +if [ -f "/etc/exim4/exim4.conf.template" ]; then + if grep -q 'drop message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid' /etc/exim4/exim4.conf.template; then + echo 'Patching exim4.conf for: Helo name contains a ip address' + patch /etc/exim4/exim4.conf.template < /usr/local/vesta/src/deb/for-download/tools/patches/exim_helo_authenticated.patch + sed -i '/telenor\.rs/d' /etc/exim4/exim4.conf.template + systemctl restart exim4 + fi +fi # Making sure yescrypt is disabled -if [ "$release" -eq 11 ]; then +if [ "$release" -ge 11 ]; then sed -i "s/yescrypt/sha512/g" /etc/pam.d/common-password fi @@ -46,25 +153,34 @@ if [ "$release" -eq 11 ]; then ADD=" hosts_try_fastopen = \!\*.l.google.com" sed -i "s#$FIND#$FIND\n$ADD#g" /etc/exim4/exim4.conf.template systemctl restart exim4 - - sed -i "s/net.ipv4.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf - echo 1 > /proc/sys/net/ipv4/tcp_window_scaling fi fi fi +if [ "$release" -ge 11 ]; then + check_grep=$(grep -c '^net\.ipv4\.tcp_window_scaling' /etc/sysctl.conf) + if [ "$check_grep" -gt 0 ]; then + echo "=== Removing net.ipv4.tcp_window_scaling" + sed -i "s/net\.ipv4\.tcp_window_scaling/#net.ipv4.tcp_window_scaling/g" /etc/sysctl.conf + echo 1 > /proc/sys/net/ipv4/tcp_window_scaling + fi +fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') if [ $spamassassin_installed -eq 1 ]; then echo "== Adding Barracuda RBL to SpamAssassin" wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf fi if [ $spamassassin_running -eq 1 ]; then echo "== Restarting SpamAssassin" - systemctl restart spamassassin + if [ "$release" -lt 12 ]; then + systemctl restart spamassassin.service + else + systemctl restart spamd.service + fi fi touch /usr/local/vesta/data/upgrades/barracuda_rbl fi @@ -121,7 +237,11 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then echo "== Enabling TLS for ProFTPD FTPS" wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf - systemctl restart proftpd + proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') + if [ $proftpd_running -eq 1 ]; then + echo "== Restarting ProFTPD" + systemctl restart proftpd + fi fi fi fi diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index c8308d7f..a80316d9 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='bullseye' -TARGET_DEB_VER='11' +TARGET_DEB_NAME='bookworm' +TARGET_DEB_VER='12' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -31,8 +31,8 @@ fi MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='bullseye' -TARGET_DEB_VER_MAIN='11' +TARGET_DEB_NAME_MAIN='bookworm' +TARGET_DEB_VER_MAIN='12' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,21 +58,31 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" -NGINX_V='1.21.2' -OPENSSL_V='1.1.1l' +NGINX_V='1.25.1' +OPENSSL_V='1.1.1u' PCRE_V='8.45' -ZLIB_V='1.2.11' +ZLIB_V='1.2.13' PHP_V='5.6.40' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' -PCRE='https://ftp.pcre.org/pub/pcre/pcre-'$PCRE_V'.tar.gz' -ZLIB='https://www.zlib.net/zlib-'$ZLIB_V'.tar.gz' +# PRCE got moved to sourceforce.net +# PRCE2 in the feature use +# PCRE='https://github.com/PCRE2Project/pcre2/releases/download/pcre2-'$PCRE_V'/pcre2-'$PCRE_V'.tar.gz' +PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' +# Zlib moved archives to Github +ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling -SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + +if [ "$release" -lt 12 ]; then + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' +else + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' +fi function press_enter { if [ $wait_to_press_enter -eq 1 ]; then @@ -117,7 +127,7 @@ if [ $run_apt_update_and_install -eq 1 ]; then apt-get -qq install -y $SOFTWARE # Fix for Debian PHP Envroiment - if [ ! -e /usr/local/include/curl ]; then + if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi press_enter "=== Press enter to continue ===============================================================================" @@ -248,6 +258,7 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key + cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/9/deb_signing.key @@ -409,6 +420,34 @@ if [ "$CWEB_B" = true ]; then tar -czf dovecot.tar.gz dovecot/ echo "=== All done for Debian11" ########## + cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/12 + + if [ -f "packages.tar.gz" ]; then + rm packages.tar.gz + fi + tar -czf packages.tar.gz packages/ + + if [ -f "templates.tar.gz" ]; then + rm templates.tar.gz + fi + tar -czf templates.tar.gz templates/ + + if [ -f "firewall.tar.gz" ]; then + rm firewall.tar.gz + fi + tar -czf firewall.tar.gz firewall/ + + if [ -f "fail2ban.tar.gz" ]; then + rm fail2ban.tar.gz + fi + tar -czf fail2ban.tar.gz fail2ban/ + + if [ -f "dovecot.tar.gz" ]; then + rm dovecot.tar.gz + fi + tar -czf dovecot.tar.gz dovecot/ + echo "=== All done for Debian12" + ########## cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh @@ -502,7 +541,11 @@ if [ "$NGINX_B" = true ]; then echo "=== Get nginx.conf" cd $BUILD_DIR/vesta-nginx_$VESTA_V - cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + if [ "$release" -lt 12 ]; then + cp /root/vesta/src/deb/for-download/nginx/nginx.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + else + cp /root/vesta/src/deb/for-download/nginx/nginx-deb12.conf $BUILD_DIR/vesta-nginx_$VESTA_V/usr/local/vesta/nginx/conf/nginx.conf + fi # if [ $BUILDING_NOW -eq 1 ]; then echo "=== copy binary" diff --git a/web/add/db/index.php b/web/add/db/index.php index 68f66b4a..e0529b32 100644 --- a/web/add/db/index.php +++ b/web/add/db/index.php @@ -98,7 +98,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('DATABASE_CREATED_OK',htmlentities($user)."_".htmlentities($_POST['v_database']),htmlentities($user)."_".htmlentities($_POST['v_database'])); - $_SESSION['ok_msg'] .= " / " . __('open %s',$db_admin) . ""; + $_SESSION['ok_msg'] .= " / " . __('open %s',$db_admin) . ""; unset($v_database); unset($v_dbuser); unset($v_password); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index b260b465..c761139c 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -187,7 +187,7 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); - $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; + $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); unset($v_password); diff --git a/web/add/user/index.php b/web/add/user/index.php index 1ed521e3..b51f587d 100644 --- a/web/add/user/index.php +++ b/web/add/user/index.php @@ -100,7 +100,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('USER_CREATED_OK',htmlentities($_POST['v_username']),htmlentities($_POST['v_username'])); - $_SESSION['ok_msg'] .= " / " . __('login as') ." ".htmlentities($_POST['v_username']). ""; + $_SESSION['ok_msg'] .= " / " . __('login as') ." ".htmlentities($_POST['v_username']). ""; unset($v_username); unset($v_password); unset($v_email); diff --git a/web/css/fonts/awesome5/fa-brands-400.svg b/web/css/fonts/awesome5/fa-brands-400.svg new file mode 100644 index 00000000..46ad237a --- /dev/null +++ b/web/css/fonts/awesome5/fa-brands-400.svg @@ -0,0 +1,3570 @@ + + + + + +Created by FontForge 20190801 at Mon Mar 23 10:45:51 2020 + By Robert Madole +Copyright (c) Font Awesome + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/web/css/fonts/awesome5/fa-brands-400.ttf b/web/css/fonts/awesome5/fa-brands-400.ttf new file mode 100644 index 00000000..948a2a6c Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.ttf differ diff --git a/web/css/fonts/awesome5/fa-brands-400.woff b/web/css/fonts/awesome5/fa-brands-400.woff new file mode 100644 index 00000000..2a89d521 Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.woff differ diff --git a/web/css/fonts/awesome5/fa-brands-400.woff2 b/web/css/fonts/awesome5/fa-brands-400.woff2 new file mode 100644 index 00000000..141a90a9 Binary files /dev/null and b/web/css/fonts/awesome5/fa-brands-400.woff2 differ diff --git a/web/css/fonts/awesome5/fa-regular-400.eot b/web/css/fonts/awesome5/fa-regular-400.eot new file mode 100644 index 00000000..38cf2517 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.eot differ diff --git a/web/css/fonts/awesome5/fa-regular-400.svg b/web/css/fonts/awesome5/fa-regular-400.svg new file mode 100644 index 00000000..48634a9a --- /dev/null +++ b/web/css/fonts/awesome5/fa-regular-400.svg @@ -0,0 +1,803 @@ + + + + + +Created by FontForge 20190801 at Mon Mar 23 10:45:51 2020 + By Robert Madole +Copyright (c) Font Awesome + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/web/css/fonts/awesome5/fa-regular-400.ttf b/web/css/fonts/awesome5/fa-regular-400.ttf new file mode 100644 index 00000000..abe99e20 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.ttf differ diff --git a/web/css/fonts/awesome5/fa-regular-400.woff b/web/css/fonts/awesome5/fa-regular-400.woff new file mode 100644 index 00000000..24de566a Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.woff differ diff --git a/web/css/fonts/awesome5/fa-regular-400.woff2 b/web/css/fonts/awesome5/fa-regular-400.woff2 new file mode 100644 index 00000000..7e0118e5 Binary files /dev/null and b/web/css/fonts/awesome5/fa-regular-400.woff2 differ diff --git a/web/css/fonts/awesome5/fa-solid-900.eot b/web/css/fonts/awesome5/fa-solid-900.eot new file mode 100644 index 00000000..d3b77c22 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.eot differ diff --git a/web/css/fonts/awesome5/fa-solid-900.ttf b/web/css/fonts/awesome5/fa-solid-900.ttf new file mode 100644 index 00000000..5b979039 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.ttf differ diff --git a/web/css/fonts/awesome5/fa-solid-900.woff b/web/css/fonts/awesome5/fa-solid-900.woff new file mode 100644 index 00000000..beec7917 Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.woff differ diff --git a/web/css/fonts/awesome5/fa-solid-900.woff2 b/web/css/fonts/awesome5/fa-solid-900.woff2 new file mode 100644 index 00000000..978a681a Binary files /dev/null and b/web/css/fonts/awesome5/fa-solid-900.woff2 differ diff --git a/web/css/fonts/font_awesome5.css b/web/css/fonts/font_awesome5.css new file mode 100644 index 00000000..d299e20b --- /dev/null +++ b/web/css/fonts/font_awesome5.css @@ -0,0 +1,5 @@ +/*! + * Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com + * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) + */ +.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa.fa-pull-left,.fab.fa-pull-left,.fal.fa-pull-left,.far.fa-pull-left,.fas.fa-pull-left{margin-right:.3em}.fa.fa-pull-right,.fab.fa-pull-right,.fal.fa-pull-right,.far.fa-pull-right,.fas.fa-pull-right{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-webkit-transform:scaleY(-1);transform:scaleY(-1)}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical,.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)"}.fa-flip-both,.fa-flip-horizontal.fa-flip-vertical{-webkit-transform:scale(-1);transform:scale(-1)}:root .fa-flip-both,:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{-webkit-filter:none;filter:none}.fa-stack{display:inline-block;height:2em;line-height:2em;position:relative;vertical-align:middle;width:2.5em}.fa-stack-1x,.fa-stack-2x{left:0;position:absolute;text-align:center;width:100%}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-500px:before{content:"\f26e"}.fa-accessible-icon:before{content:"\f368"}.fa-accusoft:before{content:"\f369"}.fa-acquisitions-incorporated:before{content:"\f6af"}.fa-ad:before{content:"\f641"}.fa-address-book:before{content:"\f2b9"}.fa-address-card:before{content:"\f2bb"}.fa-adjust:before{content:"\f042"}.fa-adn:before{content:"\f170"}.fa-adobe:before{content:"\f778"}.fa-adversal:before{content:"\f36a"}.fa-affiliatetheme:before{content:"\f36b"}.fa-air-freshener:before{content:"\f5d0"}.fa-airbnb:before{content:"\f834"}.fa-algolia:before{content:"\f36c"}.fa-align-center:before{content:"\f037"}.fa-align-justify:before{content:"\f039"}.fa-align-left:before{content:"\f036"}.fa-align-right:before{content:"\f038"}.fa-alipay:before{content:"\f642"}.fa-allergies:before{content:"\f461"}.fa-amazon:before{content:"\f270"}.fa-amazon-pay:before{content:"\f42c"}.fa-ambulance:before{content:"\f0f9"}.fa-american-sign-language-interpreting:before{content:"\f2a3"}.fa-amilia:before{content:"\f36d"}.fa-anchor:before{content:"\f13d"}.fa-android:before{content:"\f17b"}.fa-angellist:before{content:"\f209"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-down:before{content:"\f107"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angry:before{content:"\f556"}.fa-angrycreative:before{content:"\f36e"}.fa-angular:before{content:"\f420"}.fa-ankh:before{content:"\f644"}.fa-app-store:before{content:"\f36f"}.fa-app-store-ios:before{content:"\f370"}.fa-apper:before{content:"\f371"}.fa-apple:before{content:"\f179"}.fa-apple-alt:before{content:"\f5d1"}.fa-apple-pay:before{content:"\f415"}.fa-archive:before{content:"\f187"}.fa-archway:before{content:"\f557"}.fa-arrow-alt-circle-down:before{content:"\f358"}.fa-arrow-alt-circle-left:before{content:"\f359"}.fa-arrow-alt-circle-right:before{content:"\f35a"}.fa-arrow-alt-circle-up:before{content:"\f35b"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-arrow-circle-left:before{content:"\f0a8"}.fa-arrow-circle-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-down:before{content:"\f063"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrows-alt:before{content:"\f0b2"}.fa-arrows-alt-h:before{content:"\f337"}.fa-arrows-alt-v:before{content:"\f338"}.fa-artstation:before{content:"\f77a"}.fa-assistive-listening-systems:before{content:"\f2a2"}.fa-asterisk:before{content:"\f069"}.fa-asymmetrik:before{content:"\f372"}.fa-at:before{content:"\f1fa"}.fa-atlas:before{content:"\f558"}.fa-atlassian:before{content:"\f77b"}.fa-atom:before{content:"\f5d2"}.fa-audible:before{content:"\f373"}.fa-audio-description:before{content:"\f29e"}.fa-autoprefixer:before{content:"\f41c"}.fa-avianex:before{content:"\f374"}.fa-aviato:before{content:"\f421"}.fa-award:before{content:"\f559"}.fa-aws:before{content:"\f375"}.fa-baby:before{content:"\f77c"}.fa-baby-carriage:before{content:"\f77d"}.fa-backspace:before{content:"\f55a"}.fa-backward:before{content:"\f04a"}.fa-bacon:before{content:"\f7e5"}.fa-bahai:before{content:"\f666"}.fa-balance-scale:before{content:"\f24e"}.fa-balance-scale-left:before{content:"\f515"}.fa-balance-scale-right:before{content:"\f516"}.fa-ban:before{content:"\f05e"}.fa-band-aid:before{content:"\f462"}.fa-bandcamp:before{content:"\f2d5"}.fa-barcode:before{content:"\f02a"}.fa-bars:before{content:"\f0c9"}.fa-baseball-ball:before{content:"\f433"}.fa-basketball-ball:before{content:"\f434"}.fa-bath:before{content:"\f2cd"}.fa-battery-empty:before{content:"\f244"}.fa-battery-full:before{content:"\f240"}.fa-battery-half:before{content:"\f242"}.fa-battery-quarter:before{content:"\f243"}.fa-battery-three-quarters:before{content:"\f241"}.fa-battle-net:before{content:"\f835"}.fa-bed:before{content:"\f236"}.fa-beer:before{content:"\f0fc"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-bell:before{content:"\f0f3"}.fa-bell-slash:before{content:"\f1f6"}.fa-bezier-curve:before{content:"\f55b"}.fa-bible:before{content:"\f647"}.fa-bicycle:before{content:"\f206"}.fa-biking:before{content:"\f84a"}.fa-bimobject:before{content:"\f378"}.fa-binoculars:before{content:"\f1e5"}.fa-biohazard:before{content:"\f780"}.fa-birthday-cake:before{content:"\f1fd"}.fa-bitbucket:before{content:"\f171"}.fa-bitcoin:before{content:"\f379"}.fa-bity:before{content:"\f37a"}.fa-black-tie:before{content:"\f27e"}.fa-blackberry:before{content:"\f37b"}.fa-blender:before{content:"\f517"}.fa-blender-phone:before{content:"\f6b6"}.fa-blind:before{content:"\f29d"}.fa-blog:before{content:"\f781"}.fa-blogger:before{content:"\f37c"}.fa-blogger-b:before{content:"\f37d"}.fa-bluetooth:before{content:"\f293"}.fa-bluetooth-b:before{content:"\f294"}.fa-bold:before{content:"\f032"}.fa-bolt:before{content:"\f0e7"}.fa-bomb:before{content:"\f1e2"}.fa-bone:before{content:"\f5d7"}.fa-bong:before{content:"\f55c"}.fa-book:before{content:"\f02d"}.fa-book-dead:before{content:"\f6b7"}.fa-book-medical:before{content:"\f7e6"}.fa-book-open:before{content:"\f518"}.fa-book-reader:before{content:"\f5da"}.fa-bookmark:before{content:"\f02e"}.fa-bootstrap:before{content:"\f836"}.fa-border-all:before{content:"\f84c"}.fa-border-none:before{content:"\f850"}.fa-border-style:before{content:"\f853"}.fa-bowling-ball:before{content:"\f436"}.fa-box:before{content:"\f466"}.fa-box-open:before{content:"\f49e"}.fa-box-tissue:before{content:"\f95b"}.fa-boxes:before{content:"\f468"}.fa-braille:before{content:"\f2a1"}.fa-brain:before{content:"\f5dc"}.fa-bread-slice:before{content:"\f7ec"}.fa-briefcase:before{content:"\f0b1"}.fa-briefcase-medical:before{content:"\f469"}.fa-broadcast-tower:before{content:"\f519"}.fa-broom:before{content:"\f51a"}.fa-brush:before{content:"\f55d"}.fa-btc:before{content:"\f15a"}.fa-buffer:before{content:"\f837"}.fa-bug:before{content:"\f188"}.fa-building:before{content:"\f1ad"}.fa-bullhorn:before{content:"\f0a1"}.fa-bullseye:before{content:"\f140"}.fa-burn:before{content:"\f46a"}.fa-buromobelexperte:before{content:"\f37f"}.fa-bus:before{content:"\f207"}.fa-bus-alt:before{content:"\f55e"}.fa-business-time:before{content:"\f64a"}.fa-buy-n-large:before{content:"\f8a6"}.fa-buysellads:before{content:"\f20d"}.fa-calculator:before{content:"\f1ec"}.fa-calendar:before{content:"\f133"}.fa-calendar-alt:before{content:"\f073"}.fa-calendar-check:before{content:"\f274"}.fa-calendar-day:before{content:"\f783"}.fa-calendar-minus:before{content:"\f272"}.fa-calendar-plus:before{content:"\f271"}.fa-calendar-times:before{content:"\f273"}.fa-calendar-week:before{content:"\f784"}.fa-camera:before{content:"\f030"}.fa-camera-retro:before{content:"\f083"}.fa-campground:before{content:"\f6bb"}.fa-canadian-maple-leaf:before{content:"\f785"}.fa-candy-cane:before{content:"\f786"}.fa-cannabis:before{content:"\f55f"}.fa-capsules:before{content:"\f46b"}.fa-car:before{content:"\f1b9"}.fa-car-alt:before{content:"\f5de"}.fa-car-battery:before{content:"\f5df"}.fa-car-crash:before{content:"\f5e1"}.fa-car-side:before{content:"\f5e4"}.fa-caravan:before{content:"\f8ff"}.fa-caret-down:before{content:"\f0d7"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-caret-square-down:before{content:"\f150"}.fa-caret-square-left:before{content:"\f191"}.fa-caret-square-right:before{content:"\f152"}.fa-caret-square-up:before{content:"\f151"}.fa-caret-up:before{content:"\f0d8"}.fa-carrot:before{content:"\f787"}.fa-cart-arrow-down:before{content:"\f218"}.fa-cart-plus:before{content:"\f217"}.fa-cash-register:before{content:"\f788"}.fa-cat:before{content:"\f6be"}.fa-cc-amazon-pay:before{content:"\f42d"}.fa-cc-amex:before{content:"\f1f3"}.fa-cc-apple-pay:before{content:"\f416"}.fa-cc-diners-club:before{content:"\f24c"}.fa-cc-discover:before{content:"\f1f2"}.fa-cc-jcb:before{content:"\f24b"}.fa-cc-mastercard:before{content:"\f1f1"}.fa-cc-paypal:before{content:"\f1f4"}.fa-cc-stripe:before{content:"\f1f5"}.fa-cc-visa:before{content:"\f1f0"}.fa-centercode:before{content:"\f380"}.fa-centos:before{content:"\f789"}.fa-certificate:before{content:"\f0a3"}.fa-chair:before{content:"\f6c0"}.fa-chalkboard:before{content:"\f51b"}.fa-chalkboard-teacher:before{content:"\f51c"}.fa-charging-station:before{content:"\f5e7"}.fa-chart-area:before{content:"\f1fe"}.fa-chart-bar:before{content:"\f080"}.fa-chart-line:before{content:"\f201"}.fa-chart-pie:before{content:"\f200"}.fa-check:before{content:"\f00c"}.fa-check-circle:before{content:"\f058"}.fa-check-double:before{content:"\f560"}.fa-check-square:before{content:"\f14a"}.fa-cheese:before{content:"\f7ef"}.fa-chess:before{content:"\f439"}.fa-chess-bishop:before{content:"\f43a"}.fa-chess-board:before{content:"\f43c"}.fa-chess-king:before{content:"\f43f"}.fa-chess-knight:before{content:"\f441"}.fa-chess-pawn:before{content:"\f443"}.fa-chess-queen:before{content:"\f445"}.fa-chess-rook:before{content:"\f447"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-down:before{content:"\f078"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-chevron-up:before{content:"\f077"}.fa-child:before{content:"\f1ae"}.fa-chrome:before{content:"\f268"}.fa-chromecast:before{content:"\f838"}.fa-church:before{content:"\f51d"}.fa-circle:before{content:"\f111"}.fa-circle-notch:before{content:"\f1ce"}.fa-city:before{content:"\f64f"}.fa-clinic-medical:before{content:"\f7f2"}.fa-clipboard:before{content:"\f328"}.fa-clipboard-check:before{content:"\f46c"}.fa-clipboard-list:before{content:"\f46d"}.fa-clock:before{content:"\f017"}.fa-clone:before{content:"\f24d"}.fa-closed-captioning:before{content:"\f20a"}.fa-cloud:before{content:"\f0c2"}.fa-cloud-download-alt:before{content:"\f381"}.fa-cloud-meatball:before{content:"\f73b"}.fa-cloud-moon:before{content:"\f6c3"}.fa-cloud-moon-rain:before{content:"\f73c"}.fa-cloud-rain:before{content:"\f73d"}.fa-cloud-showers-heavy:before{content:"\f740"}.fa-cloud-sun:before{content:"\f6c4"}.fa-cloud-sun-rain:before{content:"\f743"}.fa-cloud-upload-alt:before{content:"\f382"}.fa-cloudscale:before{content:"\f383"}.fa-cloudsmith:before{content:"\f384"}.fa-cloudversify:before{content:"\f385"}.fa-cocktail:before{content:"\f561"}.fa-code:before{content:"\f121"}.fa-code-branch:before{content:"\f126"}.fa-codepen:before{content:"\f1cb"}.fa-codiepie:before{content:"\f284"}.fa-coffee:before{content:"\f0f4"}.fa-cog:before{content:"\f013"}.fa-cogs:before{content:"\f085"}.fa-coins:before{content:"\f51e"}.fa-columns:before{content:"\f0db"}.fa-comment:before{content:"\f075"}.fa-comment-alt:before{content:"\f27a"}.fa-comment-dollar:before{content:"\f651"}.fa-comment-dots:before{content:"\f4ad"}.fa-comment-medical:before{content:"\f7f5"}.fa-comment-slash:before{content:"\f4b3"}.fa-comments:before{content:"\f086"}.fa-comments-dollar:before{content:"\f653"}.fa-compact-disc:before{content:"\f51f"}.fa-compass:before{content:"\f14e"}.fa-compress:before{content:"\f066"}.fa-compress-alt:before{content:"\f422"}.fa-compress-arrows-alt:before{content:"\f78c"}.fa-concierge-bell:before{content:"\f562"}.fa-confluence:before{content:"\f78d"}.fa-connectdevelop:before{content:"\f20e"}.fa-contao:before{content:"\f26d"}.fa-cookie:before{content:"\f563"}.fa-cookie-bite:before{content:"\f564"}.fa-copy:before{content:"\f0c5"}.fa-copyright:before{content:"\f1f9"}.fa-cotton-bureau:before{content:"\f89e"}.fa-couch:before{content:"\f4b8"}.fa-cpanel:before{content:"\f388"}.fa-creative-commons:before{content:"\f25e"}.fa-creative-commons-by:before{content:"\f4e7"}.fa-creative-commons-nc:before{content:"\f4e8"}.fa-creative-commons-nc-eu:before{content:"\f4e9"}.fa-creative-commons-nc-jp:before{content:"\f4ea"}.fa-creative-commons-nd:before{content:"\f4eb"}.fa-creative-commons-pd:before{content:"\f4ec"}.fa-creative-commons-pd-alt:before{content:"\f4ed"}.fa-creative-commons-remix:before{content:"\f4ee"}.fa-creative-commons-sa:before{content:"\f4ef"}.fa-creative-commons-sampling:before{content:"\f4f0"}.fa-creative-commons-sampling-plus:before{content:"\f4f1"}.fa-creative-commons-share:before{content:"\f4f2"}.fa-creative-commons-zero:before{content:"\f4f3"}.fa-credit-card:before{content:"\f09d"}.fa-critical-role:before{content:"\f6c9"}.fa-crop:before{content:"\f125"}.fa-crop-alt:before{content:"\f565"}.fa-cross:before{content:"\f654"}.fa-crosshairs:before{content:"\f05b"}.fa-crow:before{content:"\f520"}.fa-crown:before{content:"\f521"}.fa-crutch:before{content:"\f7f7"}.fa-css3:before{content:"\f13c"}.fa-css3-alt:before{content:"\f38b"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-cut:before{content:"\f0c4"}.fa-cuttlefish:before{content:"\f38c"}.fa-d-and-d:before{content:"\f38d"}.fa-d-and-d-beyond:before{content:"\f6ca"}.fa-dailymotion:before{content:"\f952"}.fa-dashcube:before{content:"\f210"}.fa-database:before{content:"\f1c0"}.fa-deaf:before{content:"\f2a4"}.fa-delicious:before{content:"\f1a5"}.fa-democrat:before{content:"\f747"}.fa-deploydog:before{content:"\f38e"}.fa-deskpro:before{content:"\f38f"}.fa-desktop:before{content:"\f108"}.fa-dev:before{content:"\f6cc"}.fa-deviantart:before{content:"\f1bd"}.fa-dharmachakra:before{content:"\f655"}.fa-dhl:before{content:"\f790"}.fa-diagnoses:before{content:"\f470"}.fa-diaspora:before{content:"\f791"}.fa-dice:before{content:"\f522"}.fa-dice-d20:before{content:"\f6cf"}.fa-dice-d6:before{content:"\f6d1"}.fa-dice-five:before{content:"\f523"}.fa-dice-four:before{content:"\f524"}.fa-dice-one:before{content:"\f525"}.fa-dice-six:before{content:"\f526"}.fa-dice-three:before{content:"\f527"}.fa-dice-two:before{content:"\f528"}.fa-digg:before{content:"\f1a6"}.fa-digital-ocean:before{content:"\f391"}.fa-digital-tachograph:before{content:"\f566"}.fa-directions:before{content:"\f5eb"}.fa-discord:before{content:"\f392"}.fa-discourse:before{content:"\f393"}.fa-disease:before{content:"\f7fa"}.fa-divide:before{content:"\f529"}.fa-dizzy:before{content:"\f567"}.fa-dna:before{content:"\f471"}.fa-dochub:before{content:"\f394"}.fa-docker:before{content:"\f395"}.fa-dog:before{content:"\f6d3"}.fa-dollar-sign:before{content:"\f155"}.fa-dolly:before{content:"\f472"}.fa-dolly-flatbed:before{content:"\f474"}.fa-donate:before{content:"\f4b9"}.fa-door-closed:before{content:"\f52a"}.fa-door-open:before{content:"\f52b"}.fa-dot-circle:before{content:"\f192"}.fa-dove:before{content:"\f4ba"}.fa-download:before{content:"\f019"}.fa-draft2digital:before{content:"\f396"}.fa-drafting-compass:before{content:"\f568"}.fa-dragon:before{content:"\f6d5"}.fa-draw-polygon:before{content:"\f5ee"}.fa-dribbble:before{content:"\f17d"}.fa-dribbble-square:before{content:"\f397"}.fa-dropbox:before{content:"\f16b"}.fa-drum:before{content:"\f569"}.fa-drum-steelpan:before{content:"\f56a"}.fa-drumstick-bite:before{content:"\f6d7"}.fa-drupal:before{content:"\f1a9"}.fa-dumbbell:before{content:"\f44b"}.fa-dumpster:before{content:"\f793"}.fa-dumpster-fire:before{content:"\f794"}.fa-dungeon:before{content:"\f6d9"}.fa-dyalog:before{content:"\f399"}.fa-earlybirds:before{content:"\f39a"}.fa-ebay:before{content:"\f4f4"}.fa-edge:before{content:"\f282"}.fa-edit:before{content:"\f044"}.fa-egg:before{content:"\f7fb"}.fa-eject:before{content:"\f052"}.fa-elementor:before{content:"\f430"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-ello:before{content:"\f5f1"}.fa-ember:before{content:"\f423"}.fa-empire:before{content:"\f1d1"}.fa-envelope:before{content:"\f0e0"}.fa-envelope-open:before{content:"\f2b6"}.fa-envelope-open-text:before{content:"\f658"}.fa-envelope-square:before{content:"\f199"}.fa-envira:before{content:"\f299"}.fa-equals:before{content:"\f52c"}.fa-eraser:before{content:"\f12d"}.fa-erlang:before{content:"\f39d"}.fa-ethereum:before{content:"\f42e"}.fa-ethernet:before{content:"\f796"}.fa-etsy:before{content:"\f2d7"}.fa-euro-sign:before{content:"\f153"}.fa-evernote:before{content:"\f839"}.fa-exchange-alt:before{content:"\f362"}.fa-exclamation:before{content:"\f12a"}.fa-exclamation-circle:before{content:"\f06a"}.fa-exclamation-triangle:before{content:"\f071"}.fa-expand:before{content:"\f065"}.fa-expand-alt:before{content:"\f424"}.fa-expand-arrows-alt:before{content:"\f31e"}.fa-expeditedssl:before{content:"\f23e"}.fa-external-link-alt:before{content:"\f35d"}.fa-external-link-square-alt:before{content:"\f360"}.fa-eye:before{content:"\f06e"}.fa-eye-dropper:before{content:"\f1fb"}.fa-eye-slash:before{content:"\f070"}.fa-facebook:before{content:"\f09a"}.fa-facebook-f:before{content:"\f39e"}.fa-facebook-messenger:before{content:"\f39f"}.fa-facebook-square:before{content:"\f082"}.fa-fan:before{content:"\f863"}.fa-fantasy-flight-games:before{content:"\f6dc"}.fa-fast-backward:before{content:"\f049"}.fa-fast-forward:before{content:"\f050"}.fa-faucet:before{content:"\f905"}.fa-fax:before{content:"\f1ac"}.fa-feather:before{content:"\f52d"}.fa-feather-alt:before{content:"\f56b"}.fa-fedex:before{content:"\f797"}.fa-fedora:before{content:"\f798"}.fa-female:before{content:"\f182"}.fa-fighter-jet:before{content:"\f0fb"}.fa-figma:before{content:"\f799"}.fa-file:before{content:"\f15b"}.fa-file-alt:before{content:"\f15c"}.fa-file-archive:before{content:"\f1c6"}.fa-file-audio:before{content:"\f1c7"}.fa-file-code:before{content:"\f1c9"}.fa-file-contract:before{content:"\f56c"}.fa-file-csv:before{content:"\f6dd"}.fa-file-download:before{content:"\f56d"}.fa-file-excel:before{content:"\f1c3"}.fa-file-export:before{content:"\f56e"}.fa-file-image:before{content:"\f1c5"}.fa-file-import:before{content:"\f56f"}.fa-file-invoice:before{content:"\f570"}.fa-file-invoice-dollar:before{content:"\f571"}.fa-file-medical:before{content:"\f477"}.fa-file-medical-alt:before{content:"\f478"}.fa-file-pdf:before{content:"\f1c1"}.fa-file-powerpoint:before{content:"\f1c4"}.fa-file-prescription:before{content:"\f572"}.fa-file-signature:before{content:"\f573"}.fa-file-upload:before{content:"\f574"}.fa-file-video:before{content:"\f1c8"}.fa-file-word:before{content:"\f1c2"}.fa-fill:before{content:"\f575"}.fa-fill-drip:before{content:"\f576"}.fa-film:before{content:"\f008"}.fa-filter:before{content:"\f0b0"}.fa-fingerprint:before{content:"\f577"}.fa-fire:before{content:"\f06d"}.fa-fire-alt:before{content:"\f7e4"}.fa-fire-extinguisher:before{content:"\f134"}.fa-firefox:before{content:"\f269"}.fa-firefox-browser:before{content:"\f907"}.fa-first-aid:before{content:"\f479"}.fa-first-order:before{content:"\f2b0"}.fa-first-order-alt:before{content:"\f50a"}.fa-firstdraft:before{content:"\f3a1"}.fa-fish:before{content:"\f578"}.fa-fist-raised:before{content:"\f6de"}.fa-flag:before{content:"\f024"}.fa-flag-checkered:before{content:"\f11e"}.fa-flag-usa:before{content:"\f74d"}.fa-flask:before{content:"\f0c3"}.fa-flickr:before{content:"\f16e"}.fa-flipboard:before{content:"\f44d"}.fa-flushed:before{content:"\f579"}.fa-fly:before{content:"\f417"}.fa-folder:before{content:"\f07b"}.fa-folder-minus:before{content:"\f65d"}.fa-folder-open:before{content:"\f07c"}.fa-folder-plus:before{content:"\f65e"}.fa-font:before{content:"\f031"}.fa-font-awesome:before{content:"\f2b4"}.fa-font-awesome-alt:before{content:"\f35c"}.fa-font-awesome-flag:before{content:"\f425"}.fa-font-awesome-logo-full:before{content:"\f4e6"}.fa-fonticons:before{content:"\f280"}.fa-fonticons-fi:before{content:"\f3a2"}.fa-football-ball:before{content:"\f44e"}.fa-fort-awesome:before{content:"\f286"}.fa-fort-awesome-alt:before{content:"\f3a3"}.fa-forumbee:before{content:"\f211"}.fa-forward:before{content:"\f04e"}.fa-foursquare:before{content:"\f180"}.fa-free-code-camp:before{content:"\f2c5"}.fa-freebsd:before{content:"\f3a4"}.fa-frog:before{content:"\f52e"}.fa-frown:before{content:"\f119"}.fa-frown-open:before{content:"\f57a"}.fa-fulcrum:before{content:"\f50b"}.fa-funnel-dollar:before{content:"\f662"}.fa-futbol:before{content:"\f1e3"}.fa-galactic-republic:before{content:"\f50c"}.fa-galactic-senate:before{content:"\f50d"}.fa-gamepad:before{content:"\f11b"}.fa-gas-pump:before{content:"\f52f"}.fa-gavel:before{content:"\f0e3"}.fa-gem:before{content:"\f3a5"}.fa-genderless:before{content:"\f22d"}.fa-get-pocket:before{content:"\f265"}.fa-gg:before{content:"\f260"}.fa-gg-circle:before{content:"\f261"}.fa-ghost:before{content:"\f6e2"}.fa-gift:before{content:"\f06b"}.fa-gifts:before{content:"\f79c"}.fa-git:before{content:"\f1d3"}.fa-git-alt:before{content:"\f841"}.fa-git-square:before{content:"\f1d2"}.fa-github:before{content:"\f09b"}.fa-github-alt:before{content:"\f113"}.fa-github-square:before{content:"\f092"}.fa-gitkraken:before{content:"\f3a6"}.fa-gitlab:before{content:"\f296"}.fa-gitter:before{content:"\f426"}.fa-glass-cheers:before{content:"\f79f"}.fa-glass-martini:before{content:"\f000"}.fa-glass-martini-alt:before{content:"\f57b"}.fa-glass-whiskey:before{content:"\f7a0"}.fa-glasses:before{content:"\f530"}.fa-glide:before{content:"\f2a5"}.fa-glide-g:before{content:"\f2a6"}.fa-globe:before{content:"\f0ac"}.fa-globe-africa:before{content:"\f57c"}.fa-globe-americas:before{content:"\f57d"}.fa-globe-asia:before{content:"\f57e"}.fa-globe-europe:before{content:"\f7a2"}.fa-gofore:before{content:"\f3a7"}.fa-golf-ball:before{content:"\f450"}.fa-goodreads:before{content:"\f3a8"}.fa-goodreads-g:before{content:"\f3a9"}.fa-google:before{content:"\f1a0"}.fa-google-drive:before{content:"\f3aa"}.fa-google-play:before{content:"\f3ab"}.fa-google-plus:before{content:"\f2b3"}.fa-google-plus-g:before{content:"\f0d5"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-wallet:before{content:"\f1ee"}.fa-gopuram:before{content:"\f664"}.fa-graduation-cap:before{content:"\f19d"}.fa-gratipay:before{content:"\f184"}.fa-grav:before{content:"\f2d6"}.fa-greater-than:before{content:"\f531"}.fa-greater-than-equal:before{content:"\f532"}.fa-grimace:before{content:"\f57f"}.fa-grin:before{content:"\f580"}.fa-grin-alt:before{content:"\f581"}.fa-grin-beam:before{content:"\f582"}.fa-grin-beam-sweat:before{content:"\f583"}.fa-grin-hearts:before{content:"\f584"}.fa-grin-squint:before{content:"\f585"}.fa-grin-squint-tears:before{content:"\f586"}.fa-grin-stars:before{content:"\f587"}.fa-grin-tears:before{content:"\f588"}.fa-grin-tongue:before{content:"\f589"}.fa-grin-tongue-squint:before{content:"\f58a"}.fa-grin-tongue-wink:before{content:"\f58b"}.fa-grin-wink:before{content:"\f58c"}.fa-grip-horizontal:before{content:"\f58d"}.fa-grip-lines:before{content:"\f7a4"}.fa-grip-lines-vertical:before{content:"\f7a5"}.fa-grip-vertical:before{content:"\f58e"}.fa-gripfire:before{content:"\f3ac"}.fa-grunt:before{content:"\f3ad"}.fa-guitar:before{content:"\f7a6"}.fa-gulp:before{content:"\f3ae"}.fa-h-square:before{content:"\f0fd"}.fa-hacker-news:before{content:"\f1d4"}.fa-hacker-news-square:before{content:"\f3af"}.fa-hackerrank:before{content:"\f5f7"}.fa-hamburger:before{content:"\f805"}.fa-hammer:before{content:"\f6e3"}.fa-hamsa:before{content:"\f665"}.fa-hand-holding:before{content:"\f4bd"}.fa-hand-holding-heart:before{content:"\f4be"}.fa-hand-holding-medical:before{content:"\f95c"}.fa-hand-holding-usd:before{content:"\f4c0"}.fa-hand-holding-water:before{content:"\f4c1"}.fa-hand-lizard:before{content:"\f258"}.fa-hand-middle-finger:before{content:"\f806"}.fa-hand-paper:before{content:"\f256"}.fa-hand-peace:before{content:"\f25b"}.fa-hand-point-down:before{content:"\f0a7"}.fa-hand-point-left:before{content:"\f0a5"}.fa-hand-point-right:before{content:"\f0a4"}.fa-hand-point-up:before{content:"\f0a6"}.fa-hand-pointer:before{content:"\f25a"}.fa-hand-rock:before{content:"\f255"}.fa-hand-scissors:before{content:"\f257"}.fa-hand-sparkles:before{content:"\f95d"}.fa-hand-spock:before{content:"\f259"}.fa-hands:before{content:"\f4c2"}.fa-hands-helping:before{content:"\f4c4"}.fa-hands-wash:before{content:"\f95e"}.fa-handshake:before{content:"\f2b5"}.fa-handshake-alt-slash:before{content:"\f95f"}.fa-handshake-slash:before{content:"\f960"}.fa-hanukiah:before{content:"\f6e6"}.fa-hard-hat:before{content:"\f807"}.fa-hashtag:before{content:"\f292"}.fa-hat-cowboy:before{content:"\f8c0"}.fa-hat-cowboy-side:before{content:"\f8c1"}.fa-hat-wizard:before{content:"\f6e8"}.fa-hdd:before{content:"\f0a0"}.fa-head-side-cough:before{content:"\f961"}.fa-head-side-cough-slash:before{content:"\f962"}.fa-head-side-mask:before{content:"\f963"}.fa-head-side-virus:before{content:"\f964"}.fa-heading:before{content:"\f1dc"}.fa-headphones:before{content:"\f025"}.fa-headphones-alt:before{content:"\f58f"}.fa-headset:before{content:"\f590"}.fa-heart:before{content:"\f004"}.fa-heart-broken:before{content:"\f7a9"}.fa-heartbeat:before{content:"\f21e"}.fa-helicopter:before{content:"\f533"}.fa-highlighter:before{content:"\f591"}.fa-hiking:before{content:"\f6ec"}.fa-hippo:before{content:"\f6ed"}.fa-hips:before{content:"\f452"}.fa-hire-a-helper:before{content:"\f3b0"}.fa-history:before{content:"\f1da"}.fa-hockey-puck:before{content:"\f453"}.fa-holly-berry:before{content:"\f7aa"}.fa-home:before{content:"\f015"}.fa-hooli:before{content:"\f427"}.fa-hornbill:before{content:"\f592"}.fa-horse:before{content:"\f6f0"}.fa-horse-head:before{content:"\f7ab"}.fa-hospital:before{content:"\f0f8"}.fa-hospital-alt:before{content:"\f47d"}.fa-hospital-symbol:before{content:"\f47e"}.fa-hospital-user:before{content:"\f80d"}.fa-hot-tub:before{content:"\f593"}.fa-hotdog:before{content:"\f80f"}.fa-hotel:before{content:"\f594"}.fa-hotjar:before{content:"\f3b1"}.fa-hourglass:before{content:"\f254"}.fa-hourglass-end:before{content:"\f253"}.fa-hourglass-half:before{content:"\f252"}.fa-hourglass-start:before{content:"\f251"}.fa-house-damage:before{content:"\f6f1"}.fa-house-user:before{content:"\f965"}.fa-houzz:before{content:"\f27c"}.fa-hryvnia:before{content:"\f6f2"}.fa-html5:before{content:"\f13b"}.fa-hubspot:before{content:"\f3b2"}.fa-i-cursor:before{content:"\f246"}.fa-ice-cream:before{content:"\f810"}.fa-icicles:before{content:"\f7ad"}.fa-icons:before{content:"\f86d"}.fa-id-badge:before{content:"\f2c1"}.fa-id-card:before{content:"\f2c2"}.fa-id-card-alt:before{content:"\f47f"}.fa-ideal:before{content:"\f913"}.fa-igloo:before{content:"\f7ae"}.fa-image:before{content:"\f03e"}.fa-images:before{content:"\f302"}.fa-imdb:before{content:"\f2d8"}.fa-inbox:before{content:"\f01c"}.fa-indent:before{content:"\f03c"}.fa-industry:before{content:"\f275"}.fa-infinity:before{content:"\f534"}.fa-info:before{content:"\f129"}.fa-info-circle:before{content:"\f05a"}.fa-instagram:before{content:"\f16d"}.fa-instagram-square:before{content:"\f955"}.fa-intercom:before{content:"\f7af"}.fa-internet-explorer:before{content:"\f26b"}.fa-invision:before{content:"\f7b0"}.fa-ioxhost:before{content:"\f208"}.fa-italic:before{content:"\f033"}.fa-itch-io:before{content:"\f83a"}.fa-itunes:before{content:"\f3b4"}.fa-itunes-note:before{content:"\f3b5"}.fa-java:before{content:"\f4e4"}.fa-jedi:before{content:"\f669"}.fa-jedi-order:before{content:"\f50e"}.fa-jenkins:before{content:"\f3b6"}.fa-jira:before{content:"\f7b1"}.fa-joget:before{content:"\f3b7"}.fa-joint:before{content:"\f595"}.fa-joomla:before{content:"\f1aa"}.fa-journal-whills:before{content:"\f66a"}.fa-js:before{content:"\f3b8"}.fa-js-square:before{content:"\f3b9"}.fa-jsfiddle:before{content:"\f1cc"}.fa-kaaba:before{content:"\f66b"}.fa-kaggle:before{content:"\f5fa"}.fa-key:before{content:"\f084"}.fa-keybase:before{content:"\f4f5"}.fa-keyboard:before{content:"\f11c"}.fa-keycdn:before{content:"\f3ba"}.fa-khanda:before{content:"\f66d"}.fa-kickstarter:before{content:"\f3bb"}.fa-kickstarter-k:before{content:"\f3bc"}.fa-kiss:before{content:"\f596"}.fa-kiss-beam:before{content:"\f597"}.fa-kiss-wink-heart:before{content:"\f598"}.fa-kiwi-bird:before{content:"\f535"}.fa-korvue:before{content:"\f42f"}.fa-landmark:before{content:"\f66f"}.fa-language:before{content:"\f1ab"}.fa-laptop:before{content:"\f109"}.fa-laptop-code:before{content:"\f5fc"}.fa-laptop-house:before{content:"\f966"}.fa-laptop-medical:before{content:"\f812"}.fa-laravel:before{content:"\f3bd"}.fa-lastfm:before{content:"\f202"}.fa-lastfm-square:before{content:"\f203"}.fa-laugh:before{content:"\f599"}.fa-laugh-beam:before{content:"\f59a"}.fa-laugh-squint:before{content:"\f59b"}.fa-laugh-wink:before{content:"\f59c"}.fa-layer-group:before{content:"\f5fd"}.fa-leaf:before{content:"\f06c"}.fa-leanpub:before{content:"\f212"}.fa-lemon:before{content:"\f094"}.fa-less:before{content:"\f41d"}.fa-less-than:before{content:"\f536"}.fa-less-than-equal:before{content:"\f537"}.fa-level-down-alt:before{content:"\f3be"}.fa-level-up-alt:before{content:"\f3bf"}.fa-life-ring:before{content:"\f1cd"}.fa-lightbulb:before{content:"\f0eb"}.fa-line:before{content:"\f3c0"}.fa-link:before{content:"\f0c1"}.fa-linkedin:before{content:"\f08c"}.fa-linkedin-in:before{content:"\f0e1"}.fa-linode:before{content:"\f2b8"}.fa-linux:before{content:"\f17c"}.fa-lira-sign:before{content:"\f195"}.fa-list:before{content:"\f03a"}.fa-list-alt:before{content:"\f022"}.fa-list-ol:before{content:"\f0cb"}.fa-list-ul:before{content:"\f0ca"}.fa-location-arrow:before{content:"\f124"}.fa-lock:before{content:"\f023"}.fa-lock-open:before{content:"\f3c1"}.fa-long-arrow-alt-down:before{content:"\f309"}.fa-long-arrow-alt-left:before{content:"\f30a"}.fa-long-arrow-alt-right:before{content:"\f30b"}.fa-long-arrow-alt-up:before{content:"\f30c"}.fa-low-vision:before{content:"\f2a8"}.fa-luggage-cart:before{content:"\f59d"}.fa-lungs:before{content:"\f604"}.fa-lungs-virus:before{content:"\f967"}.fa-lyft:before{content:"\f3c3"}.fa-magento:before{content:"\f3c4"}.fa-magic:before{content:"\f0d0"}.fa-magnet:before{content:"\f076"}.fa-mail-bulk:before{content:"\f674"}.fa-mailchimp:before{content:"\f59e"}.fa-male:before{content:"\f183"}.fa-mandalorian:before{content:"\f50f"}.fa-map:before{content:"\f279"}.fa-map-marked:before{content:"\f59f"}.fa-map-marked-alt:before{content:"\f5a0"}.fa-map-marker:before{content:"\f041"}.fa-map-marker-alt:before{content:"\f3c5"}.fa-map-pin:before{content:"\f276"}.fa-map-signs:before{content:"\f277"}.fa-markdown:before{content:"\f60f"}.fa-marker:before{content:"\f5a1"}.fa-mars:before{content:"\f222"}.fa-mars-double:before{content:"\f227"}.fa-mars-stroke:before{content:"\f229"}.fa-mars-stroke-h:before{content:"\f22b"}.fa-mars-stroke-v:before{content:"\f22a"}.fa-mask:before{content:"\f6fa"}.fa-mastodon:before{content:"\f4f6"}.fa-maxcdn:before{content:"\f136"}.fa-mdb:before{content:"\f8ca"}.fa-medal:before{content:"\f5a2"}.fa-medapps:before{content:"\f3c6"}.fa-medium:before{content:"\f23a"}.fa-medium-m:before{content:"\f3c7"}.fa-medkit:before{content:"\f0fa"}.fa-medrt:before{content:"\f3c8"}.fa-meetup:before{content:"\f2e0"}.fa-megaport:before{content:"\f5a3"}.fa-meh:before{content:"\f11a"}.fa-meh-blank:before{content:"\f5a4"}.fa-meh-rolling-eyes:before{content:"\f5a5"}.fa-memory:before{content:"\f538"}.fa-mendeley:before{content:"\f7b3"}.fa-menorah:before{content:"\f676"}.fa-mercury:before{content:"\f223"}.fa-meteor:before{content:"\f753"}.fa-microblog:before{content:"\f91a"}.fa-microchip:before{content:"\f2db"}.fa-microphone:before{content:"\f130"}.fa-microphone-alt:before{content:"\f3c9"}.fa-microphone-alt-slash:before{content:"\f539"}.fa-microphone-slash:before{content:"\f131"}.fa-microscope:before{content:"\f610"}.fa-microsoft:before{content:"\f3ca"}.fa-minus:before{content:"\f068"}.fa-minus-circle:before{content:"\f056"}.fa-minus-square:before{content:"\f146"}.fa-mitten:before{content:"\f7b5"}.fa-mix:before{content:"\f3cb"}.fa-mixcloud:before{content:"\f289"}.fa-mixer:before{content:"\f956"}.fa-mizuni:before{content:"\f3cc"}.fa-mobile:before{content:"\f10b"}.fa-mobile-alt:before{content:"\f3cd"}.fa-modx:before{content:"\f285"}.fa-monero:before{content:"\f3d0"}.fa-money-bill:before{content:"\f0d6"}.fa-money-bill-alt:before{content:"\f3d1"}.fa-money-bill-wave:before{content:"\f53a"}.fa-money-bill-wave-alt:before{content:"\f53b"}.fa-money-check:before{content:"\f53c"}.fa-money-check-alt:before{content:"\f53d"}.fa-monument:before{content:"\f5a6"}.fa-moon:before{content:"\f186"}.fa-mortar-pestle:before{content:"\f5a7"}.fa-mosque:before{content:"\f678"}.fa-motorcycle:before{content:"\f21c"}.fa-mountain:before{content:"\f6fc"}.fa-mouse:before{content:"\f8cc"}.fa-mouse-pointer:before{content:"\f245"}.fa-mug-hot:before{content:"\f7b6"}.fa-music:before{content:"\f001"}.fa-napster:before{content:"\f3d2"}.fa-neos:before{content:"\f612"}.fa-network-wired:before{content:"\f6ff"}.fa-neuter:before{content:"\f22c"}.fa-newspaper:before{content:"\f1ea"}.fa-nimblr:before{content:"\f5a8"}.fa-node:before{content:"\f419"}.fa-node-js:before{content:"\f3d3"}.fa-not-equal:before{content:"\f53e"}.fa-notes-medical:before{content:"\f481"}.fa-npm:before{content:"\f3d4"}.fa-ns8:before{content:"\f3d5"}.fa-nutritionix:before{content:"\f3d6"}.fa-object-group:before{content:"\f247"}.fa-object-ungroup:before{content:"\f248"}.fa-odnoklassniki:before{content:"\f263"}.fa-odnoklassniki-square:before{content:"\f264"}.fa-oil-can:before{content:"\f613"}.fa-old-republic:before{content:"\f510"}.fa-om:before{content:"\f679"}.fa-opencart:before{content:"\f23d"}.fa-openid:before{content:"\f19b"}.fa-opera:before{content:"\f26a"}.fa-optin-monster:before{content:"\f23c"}.fa-orcid:before{content:"\f8d2"}.fa-osi:before{content:"\f41a"}.fa-otter:before{content:"\f700"}.fa-outdent:before{content:"\f03b"}.fa-page4:before{content:"\f3d7"}.fa-pagelines:before{content:"\f18c"}.fa-pager:before{content:"\f815"}.fa-paint-brush:before{content:"\f1fc"}.fa-paint-roller:before{content:"\f5aa"}.fa-palette:before{content:"\f53f"}.fa-palfed:before{content:"\f3d8"}.fa-pallet:before{content:"\f482"}.fa-paper-plane:before{content:"\f1d8"}.fa-paperclip:before{content:"\f0c6"}.fa-parachute-box:before{content:"\f4cd"}.fa-paragraph:before{content:"\f1dd"}.fa-parking:before{content:"\f540"}.fa-passport:before{content:"\f5ab"}.fa-pastafarianism:before{content:"\f67b"}.fa-paste:before{content:"\f0ea"}.fa-patreon:before{content:"\f3d9"}.fa-pause:before{content:"\f04c"}.fa-pause-circle:before{content:"\f28b"}.fa-paw:before{content:"\f1b0"}.fa-paypal:before{content:"\f1ed"}.fa-peace:before{content:"\f67c"}.fa-pen:before{content:"\f304"}.fa-pen-alt:before{content:"\f305"}.fa-pen-fancy:before{content:"\f5ac"}.fa-pen-nib:before{content:"\f5ad"}.fa-pen-square:before{content:"\f14b"}.fa-pencil-alt:before{content:"\f303"}.fa-pencil-ruler:before{content:"\f5ae"}.fa-penny-arcade:before{content:"\f704"}.fa-people-arrows:before{content:"\f968"}.fa-people-carry:before{content:"\f4ce"}.fa-pepper-hot:before{content:"\f816"}.fa-percent:before{content:"\f295"}.fa-percentage:before{content:"\f541"}.fa-periscope:before{content:"\f3da"}.fa-person-booth:before{content:"\f756"}.fa-phabricator:before{content:"\f3db"}.fa-phoenix-framework:before{content:"\f3dc"}.fa-phoenix-squadron:before{content:"\f511"}.fa-phone:before{content:"\f095"}.fa-phone-alt:before{content:"\f879"}.fa-phone-slash:before{content:"\f3dd"}.fa-phone-square:before{content:"\f098"}.fa-phone-square-alt:before{content:"\f87b"}.fa-phone-volume:before{content:"\f2a0"}.fa-photo-video:before{content:"\f87c"}.fa-php:before{content:"\f457"}.fa-pied-piper:before{content:"\f2ae"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-pied-piper-hat:before{content:"\f4e5"}.fa-pied-piper-pp:before{content:"\f1a7"}.fa-pied-piper-square:before{content:"\f91e"}.fa-piggy-bank:before{content:"\f4d3"}.fa-pills:before{content:"\f484"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-p:before{content:"\f231"}.fa-pinterest-square:before{content:"\f0d3"}.fa-pizza-slice:before{content:"\f818"}.fa-place-of-worship:before{content:"\f67f"}.fa-plane:before{content:"\f072"}.fa-plane-arrival:before{content:"\f5af"}.fa-plane-departure:before{content:"\f5b0"}.fa-plane-slash:before{content:"\f969"}.fa-play:before{content:"\f04b"}.fa-play-circle:before{content:"\f144"}.fa-playstation:before{content:"\f3df"}.fa-plug:before{content:"\f1e6"}.fa-plus:before{content:"\f067"}.fa-plus-circle:before{content:"\f055"}.fa-plus-square:before{content:"\f0fe"}.fa-podcast:before{content:"\f2ce"}.fa-poll:before{content:"\f681"}.fa-poll-h:before{content:"\f682"}.fa-poo:before{content:"\f2fe"}.fa-poo-storm:before{content:"\f75a"}.fa-poop:before{content:"\f619"}.fa-portrait:before{content:"\f3e0"}.fa-pound-sign:before{content:"\f154"}.fa-power-off:before{content:"\f011"}.fa-pray:before{content:"\f683"}.fa-praying-hands:before{content:"\f684"}.fa-prescription:before{content:"\f5b1"}.fa-prescription-bottle:before{content:"\f485"}.fa-prescription-bottle-alt:before{content:"\f486"}.fa-print:before{content:"\f02f"}.fa-procedures:before{content:"\f487"}.fa-product-hunt:before{content:"\f288"}.fa-project-diagram:before{content:"\f542"}.fa-pump-medical:before{content:"\f96a"}.fa-pump-soap:before{content:"\f96b"}.fa-pushed:before{content:"\f3e1"}.fa-puzzle-piece:before{content:"\f12e"}.fa-python:before{content:"\f3e2"}.fa-qq:before{content:"\f1d6"}.fa-qrcode:before{content:"\f029"}.fa-question:before{content:"\f128"}.fa-question-circle:before{content:"\f059"}.fa-quidditch:before{content:"\f458"}.fa-quinscape:before{content:"\f459"}.fa-quora:before{content:"\f2c4"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-quran:before{content:"\f687"}.fa-r-project:before{content:"\f4f7"}.fa-radiation:before{content:"\f7b9"}.fa-radiation-alt:before{content:"\f7ba"}.fa-rainbow:before{content:"\f75b"}.fa-random:before{content:"\f074"}.fa-raspberry-pi:before{content:"\f7bb"}.fa-ravelry:before{content:"\f2d9"}.fa-react:before{content:"\f41b"}.fa-reacteurope:before{content:"\f75d"}.fa-readme:before{content:"\f4d5"}.fa-rebel:before{content:"\f1d0"}.fa-receipt:before{content:"\f543"}.fa-record-vinyl:before{content:"\f8d9"}.fa-recycle:before{content:"\f1b8"}.fa-red-river:before{content:"\f3e3"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-alien:before{content:"\f281"}.fa-reddit-square:before{content:"\f1a2"}.fa-redhat:before{content:"\f7bc"}.fa-redo:before{content:"\f01e"}.fa-redo-alt:before{content:"\f2f9"}.fa-registered:before{content:"\f25d"}.fa-remove-format:before{content:"\f87d"}.fa-renren:before{content:"\f18b"}.fa-reply:before{content:"\f3e5"}.fa-reply-all:before{content:"\f122"}.fa-replyd:before{content:"\f3e6"}.fa-republican:before{content:"\f75e"}.fa-researchgate:before{content:"\f4f8"}.fa-resolving:before{content:"\f3e7"}.fa-restroom:before{content:"\f7bd"}.fa-retweet:before{content:"\f079"}.fa-rev:before{content:"\f5b2"}.fa-ribbon:before{content:"\f4d6"}.fa-ring:before{content:"\f70b"}.fa-road:before{content:"\f018"}.fa-robot:before{content:"\f544"}.fa-rocket:before{content:"\f135"}.fa-rocketchat:before{content:"\f3e8"}.fa-rockrms:before{content:"\f3e9"}.fa-route:before{content:"\f4d7"}.fa-rss:before{content:"\f09e"}.fa-rss-square:before{content:"\f143"}.fa-ruble-sign:before{content:"\f158"}.fa-ruler:before{content:"\f545"}.fa-ruler-combined:before{content:"\f546"}.fa-ruler-horizontal:before{content:"\f547"}.fa-ruler-vertical:before{content:"\f548"}.fa-running:before{content:"\f70c"}.fa-rupee-sign:before{content:"\f156"}.fa-sad-cry:before{content:"\f5b3"}.fa-sad-tear:before{content:"\f5b4"}.fa-safari:before{content:"\f267"}.fa-salesforce:before{content:"\f83b"}.fa-sass:before{content:"\f41e"}.fa-satellite:before{content:"\f7bf"}.fa-satellite-dish:before{content:"\f7c0"}.fa-save:before{content:"\f0c7"}.fa-schlix:before{content:"\f3ea"}.fa-school:before{content:"\f549"}.fa-screwdriver:before{content:"\f54a"}.fa-scribd:before{content:"\f28a"}.fa-scroll:before{content:"\f70e"}.fa-sd-card:before{content:"\f7c2"}.fa-search:before{content:"\f002"}.fa-search-dollar:before{content:"\f688"}.fa-search-location:before{content:"\f689"}.fa-search-minus:before{content:"\f010"}.fa-search-plus:before{content:"\f00e"}.fa-searchengin:before{content:"\f3eb"}.fa-seedling:before{content:"\f4d8"}.fa-sellcast:before{content:"\f2da"}.fa-sellsy:before{content:"\f213"}.fa-server:before{content:"\f233"}.fa-servicestack:before{content:"\f3ec"}.fa-shapes:before{content:"\f61f"}.fa-share:before{content:"\f064"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-share-square:before{content:"\f14d"}.fa-shekel-sign:before{content:"\f20b"}.fa-shield-alt:before{content:"\f3ed"}.fa-shield-virus:before{content:"\f96c"}.fa-ship:before{content:"\f21a"}.fa-shipping-fast:before{content:"\f48b"}.fa-shirtsinbulk:before{content:"\f214"}.fa-shoe-prints:before{content:"\f54b"}.fa-shopify:before{content:"\f957"}.fa-shopping-bag:before{content:"\f290"}.fa-shopping-basket:before{content:"\f291"}.fa-shopping-cart:before{content:"\f07a"}.fa-shopware:before{content:"\f5b5"}.fa-shower:before{content:"\f2cc"}.fa-shuttle-van:before{content:"\f5b6"}.fa-sign:before{content:"\f4d9"}.fa-sign-in-alt:before{content:"\f2f6"}.fa-sign-language:before{content:"\f2a7"}.fa-sign-out-alt:before{content:"\f2f5"}.fa-signal:before{content:"\f012"}.fa-signature:before{content:"\f5b7"}.fa-sim-card:before{content:"\f7c4"}.fa-simplybuilt:before{content:"\f215"}.fa-sistrix:before{content:"\f3ee"}.fa-sitemap:before{content:"\f0e8"}.fa-sith:before{content:"\f512"}.fa-skating:before{content:"\f7c5"}.fa-sketch:before{content:"\f7c6"}.fa-skiing:before{content:"\f7c9"}.fa-skiing-nordic:before{content:"\f7ca"}.fa-skull:before{content:"\f54c"}.fa-skull-crossbones:before{content:"\f714"}.fa-skyatlas:before{content:"\f216"}.fa-skype:before{content:"\f17e"}.fa-slack:before{content:"\f198"}.fa-slack-hash:before{content:"\f3ef"}.fa-slash:before{content:"\f715"}.fa-sleigh:before{content:"\f7cc"}.fa-sliders-h:before{content:"\f1de"}.fa-slideshare:before{content:"\f1e7"}.fa-smile:before{content:"\f118"}.fa-smile-beam:before{content:"\f5b8"}.fa-smile-wink:before{content:"\f4da"}.fa-smog:before{content:"\f75f"}.fa-smoking:before{content:"\f48d"}.fa-smoking-ban:before{content:"\f54d"}.fa-sms:before{content:"\f7cd"}.fa-snapchat:before{content:"\f2ab"}.fa-snapchat-ghost:before{content:"\f2ac"}.fa-snapchat-square:before{content:"\f2ad"}.fa-snowboarding:before{content:"\f7ce"}.fa-snowflake:before{content:"\f2dc"}.fa-snowman:before{content:"\f7d0"}.fa-snowplow:before{content:"\f7d2"}.fa-soap:before{content:"\f96e"}.fa-socks:before{content:"\f696"}.fa-solar-panel:before{content:"\f5ba"}.fa-sort:before{content:"\f0dc"}.fa-sort-alpha-down:before{content:"\f15d"}.fa-sort-alpha-down-alt:before{content:"\f881"}.fa-sort-alpha-up:before{content:"\f15e"}.fa-sort-alpha-up-alt:before{content:"\f882"}.fa-sort-amount-down:before{content:"\f160"}.fa-sort-amount-down-alt:before{content:"\f884"}.fa-sort-amount-up:before{content:"\f161"}.fa-sort-amount-up-alt:before{content:"\f885"}.fa-sort-down:before{content:"\f0dd"}.fa-sort-numeric-down:before{content:"\f162"}.fa-sort-numeric-down-alt:before{content:"\f886"}.fa-sort-numeric-up:before{content:"\f163"}.fa-sort-numeric-up-alt:before{content:"\f887"}.fa-sort-up:before{content:"\f0de"}.fa-soundcloud:before{content:"\f1be"}.fa-sourcetree:before{content:"\f7d3"}.fa-spa:before{content:"\f5bb"}.fa-space-shuttle:before{content:"\f197"}.fa-speakap:before{content:"\f3f3"}.fa-speaker-deck:before{content:"\f83c"}.fa-spell-check:before{content:"\f891"}.fa-spider:before{content:"\f717"}.fa-spinner:before{content:"\f110"}.fa-splotch:before{content:"\f5bc"}.fa-spotify:before{content:"\f1bc"}.fa-spray-can:before{content:"\f5bd"}.fa-square:before{content:"\f0c8"}.fa-square-full:before{content:"\f45c"}.fa-square-root-alt:before{content:"\f698"}.fa-squarespace:before{content:"\f5be"}.fa-stack-exchange:before{content:"\f18d"}.fa-stack-overflow:before{content:"\f16c"}.fa-stackpath:before{content:"\f842"}.fa-stamp:before{content:"\f5bf"}.fa-star:before{content:"\f005"}.fa-star-and-crescent:before{content:"\f699"}.fa-star-half:before{content:"\f089"}.fa-star-half-alt:before{content:"\f5c0"}.fa-star-of-david:before{content:"\f69a"}.fa-star-of-life:before{content:"\f621"}.fa-staylinked:before{content:"\f3f5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-steam-symbol:before{content:"\f3f6"}.fa-step-backward:before{content:"\f048"}.fa-step-forward:before{content:"\f051"}.fa-stethoscope:before{content:"\f0f1"}.fa-sticker-mule:before{content:"\f3f7"}.fa-sticky-note:before{content:"\f249"}.fa-stop:before{content:"\f04d"}.fa-stop-circle:before{content:"\f28d"}.fa-stopwatch:before{content:"\f2f2"}.fa-stopwatch-20:before{content:"\f96f"}.fa-store:before{content:"\f54e"}.fa-store-alt:before{content:"\f54f"}.fa-store-alt-slash:before{content:"\f970"}.fa-store-slash:before{content:"\f971"}.fa-strava:before{content:"\f428"}.fa-stream:before{content:"\f550"}.fa-street-view:before{content:"\f21d"}.fa-strikethrough:before{content:"\f0cc"}.fa-stripe:before{content:"\f429"}.fa-stripe-s:before{content:"\f42a"}.fa-stroopwafel:before{content:"\f551"}.fa-studiovinari:before{content:"\f3f8"}.fa-stumbleupon:before{content:"\f1a4"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-subscript:before{content:"\f12c"}.fa-subway:before{content:"\f239"}.fa-suitcase:before{content:"\f0f2"}.fa-suitcase-rolling:before{content:"\f5c1"}.fa-sun:before{content:"\f185"}.fa-superpowers:before{content:"\f2dd"}.fa-superscript:before{content:"\f12b"}.fa-supple:before{content:"\f3f9"}.fa-surprise:before{content:"\f5c2"}.fa-suse:before{content:"\f7d6"}.fa-swatchbook:before{content:"\f5c3"}.fa-swift:before{content:"\f8e1"}.fa-swimmer:before{content:"\f5c4"}.fa-swimming-pool:before{content:"\f5c5"}.fa-symfony:before{content:"\f83d"}.fa-synagogue:before{content:"\f69b"}.fa-sync:before{content:"\f021"}.fa-sync-alt:before{content:"\f2f1"}.fa-syringe:before{content:"\f48e"}.fa-table:before{content:"\f0ce"}.fa-table-tennis:before{content:"\f45d"}.fa-tablet:before{content:"\f10a"}.fa-tablet-alt:before{content:"\f3fa"}.fa-tablets:before{content:"\f490"}.fa-tachometer-alt:before{content:"\f3fd"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-tape:before{content:"\f4db"}.fa-tasks:before{content:"\f0ae"}.fa-taxi:before{content:"\f1ba"}.fa-teamspeak:before{content:"\f4f9"}.fa-teeth:before{content:"\f62e"}.fa-teeth-open:before{content:"\f62f"}.fa-telegram:before{content:"\f2c6"}.fa-telegram-plane:before{content:"\f3fe"}.fa-temperature-high:before{content:"\f769"}.fa-temperature-low:before{content:"\f76b"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-tenge:before{content:"\f7d7"}.fa-terminal:before{content:"\f120"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-th:before{content:"\f00a"}.fa-th-large:before{content:"\f009"}.fa-th-list:before{content:"\f00b"}.fa-the-red-yeti:before{content:"\f69d"}.fa-theater-masks:before{content:"\f630"}.fa-themeco:before{content:"\f5c6"}.fa-themeisle:before{content:"\f2b2"}.fa-thermometer:before{content:"\f491"}.fa-thermometer-empty:before{content:"\f2cb"}.fa-thermometer-full:before{content:"\f2c7"}.fa-thermometer-half:before{content:"\f2c9"}.fa-thermometer-quarter:before{content:"\f2ca"}.fa-thermometer-three-quarters:before{content:"\f2c8"}.fa-think-peaks:before{content:"\f731"}.fa-thumbs-down:before{content:"\f165"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbtack:before{content:"\f08d"}.fa-ticket-alt:before{content:"\f3ff"}.fa-times:before{content:"\f00d"}.fa-times-circle:before{content:"\f057"}.fa-tint:before{content:"\f043"}.fa-tint-slash:before{content:"\f5c7"}.fa-tired:before{content:"\f5c8"}.fa-toggle-off:before{content:"\f204"}.fa-toggle-on:before{content:"\f205"}.fa-toilet:before{content:"\f7d8"}.fa-toilet-paper:before{content:"\f71e"}.fa-toilet-paper-slash:before{content:"\f972"}.fa-toolbox:before{content:"\f552"}.fa-tools:before{content:"\f7d9"}.fa-tooth:before{content:"\f5c9"}.fa-torah:before{content:"\f6a0"}.fa-torii-gate:before{content:"\f6a1"}.fa-tractor:before{content:"\f722"}.fa-trade-federation:before{content:"\f513"}.fa-trademark:before{content:"\f25c"}.fa-traffic-light:before{content:"\f637"}.fa-trailer:before{content:"\f941"}.fa-train:before{content:"\f238"}.fa-tram:before{content:"\f7da"}.fa-transgender:before{content:"\f224"}.fa-transgender-alt:before{content:"\f225"}.fa-trash:before{content:"\f1f8"}.fa-trash-alt:before{content:"\f2ed"}.fa-trash-restore:before{content:"\f829"}.fa-trash-restore-alt:before{content:"\f82a"}.fa-tree:before{content:"\f1bb"}.fa-trello:before{content:"\f181"}.fa-tripadvisor:before{content:"\f262"}.fa-trophy:before{content:"\f091"}.fa-truck:before{content:"\f0d1"}.fa-truck-loading:before{content:"\f4de"}.fa-truck-monster:before{content:"\f63b"}.fa-truck-moving:before{content:"\f4df"}.fa-truck-pickup:before{content:"\f63c"}.fa-tshirt:before{content:"\f553"}.fa-tty:before{content:"\f1e4"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-tv:before{content:"\f26c"}.fa-twitch:before{content:"\f1e8"}.fa-twitter:before{content:"\f099"}.fa-twitter-square:before{content:"\f081"}.fa-typo3:before{content:"\f42b"}.fa-uber:before{content:"\f402"}.fa-ubuntu:before{content:"\f7df"}.fa-uikit:before{content:"\f403"}.fa-umbraco:before{content:"\f8e8"}.fa-umbrella:before{content:"\f0e9"}.fa-umbrella-beach:before{content:"\f5ca"}.fa-underline:before{content:"\f0cd"}.fa-undo:before{content:"\f0e2"}.fa-undo-alt:before{content:"\f2ea"}.fa-uniregistry:before{content:"\f404"}.fa-unity:before{content:"\f949"}.fa-universal-access:before{content:"\f29a"}.fa-university:before{content:"\f19c"}.fa-unlink:before{content:"\f127"}.fa-unlock:before{content:"\f09c"}.fa-unlock-alt:before{content:"\f13e"}.fa-untappd:before{content:"\f405"}.fa-upload:before{content:"\f093"}.fa-ups:before{content:"\f7e0"}.fa-usb:before{content:"\f287"}.fa-user:before{content:"\f007"}.fa-user-alt:before{content:"\f406"}.fa-user-alt-slash:before{content:"\f4fa"}.fa-user-astronaut:before{content:"\f4fb"}.fa-user-check:before{content:"\f4fc"}.fa-user-circle:before{content:"\f2bd"}.fa-user-clock:before{content:"\f4fd"}.fa-user-cog:before{content:"\f4fe"}.fa-user-edit:before{content:"\f4ff"}.fa-user-friends:before{content:"\f500"}.fa-user-graduate:before{content:"\f501"}.fa-user-injured:before{content:"\f728"}.fa-user-lock:before{content:"\f502"}.fa-user-md:before{content:"\f0f0"}.fa-user-minus:before{content:"\f503"}.fa-user-ninja:before{content:"\f504"}.fa-user-nurse:before{content:"\f82f"}.fa-user-plus:before{content:"\f234"}.fa-user-secret:before{content:"\f21b"}.fa-user-shield:before{content:"\f505"}.fa-user-slash:before{content:"\f506"}.fa-user-tag:before{content:"\f507"}.fa-user-tie:before{content:"\f508"}.fa-user-times:before{content:"\f235"}.fa-users:before{content:"\f0c0"}.fa-users-cog:before{content:"\f509"}.fa-usps:before{content:"\f7e1"}.fa-ussunnah:before{content:"\f407"}.fa-utensil-spoon:before{content:"\f2e5"}.fa-utensils:before{content:"\f2e7"}.fa-vaadin:before{content:"\f408"}.fa-vector-square:before{content:"\f5cb"}.fa-venus:before{content:"\f221"}.fa-venus-double:before{content:"\f226"}.fa-venus-mars:before{content:"\f228"}.fa-viacoin:before{content:"\f237"}.fa-viadeo:before{content:"\f2a9"}.fa-viadeo-square:before{content:"\f2aa"}.fa-vial:before{content:"\f492"}.fa-vials:before{content:"\f493"}.fa-viber:before{content:"\f409"}.fa-video:before{content:"\f03d"}.fa-video-slash:before{content:"\f4e2"}.fa-vihara:before{content:"\f6a7"}.fa-vimeo:before{content:"\f40a"}.fa-vimeo-square:before{content:"\f194"}.fa-vimeo-v:before{content:"\f27d"}.fa-vine:before{content:"\f1ca"}.fa-virus:before{content:"\f974"}.fa-virus-slash:before{content:"\f975"}.fa-viruses:before{content:"\f976"}.fa-vk:before{content:"\f189"}.fa-vnv:before{content:"\f40b"}.fa-voicemail:before{content:"\f897"}.fa-volleyball-ball:before{content:"\f45f"}.fa-volume-down:before{content:"\f027"}.fa-volume-mute:before{content:"\f6a9"}.fa-volume-off:before{content:"\f026"}.fa-volume-up:before{content:"\f028"}.fa-vote-yea:before{content:"\f772"}.fa-vr-cardboard:before{content:"\f729"}.fa-vuejs:before{content:"\f41f"}.fa-walking:before{content:"\f554"}.fa-wallet:before{content:"\f555"}.fa-warehouse:before{content:"\f494"}.fa-water:before{content:"\f773"}.fa-wave-square:before{content:"\f83e"}.fa-waze:before{content:"\f83f"}.fa-weebly:before{content:"\f5cc"}.fa-weibo:before{content:"\f18a"}.fa-weight:before{content:"\f496"}.fa-weight-hanging:before{content:"\f5cd"}.fa-weixin:before{content:"\f1d7"}.fa-whatsapp:before{content:"\f232"}.fa-whatsapp-square:before{content:"\f40c"}.fa-wheelchair:before{content:"\f193"}.fa-whmcs:before{content:"\f40d"}.fa-wifi:before{content:"\f1eb"}.fa-wikipedia-w:before{content:"\f266"}.fa-wind:before{content:"\f72e"}.fa-window-close:before{content:"\f410"}.fa-window-maximize:before{content:"\f2d0"}.fa-window-minimize:before{content:"\f2d1"}.fa-window-restore:before{content:"\f2d2"}.fa-windows:before{content:"\f17a"}.fa-wine-bottle:before{content:"\f72f"}.fa-wine-glass:before{content:"\f4e3"}.fa-wine-glass-alt:before{content:"\f5ce"}.fa-wix:before{content:"\f5cf"}.fa-wizards-of-the-coast:before{content:"\f730"}.fa-wolf-pack-battalion:before{content:"\f514"}.fa-won-sign:before{content:"\f159"}.fa-wordpress:before{content:"\f19a"}.fa-wordpress-simple:before{content:"\f411"}.fa-wpbeginner:before{content:"\f297"}.fa-wpexplorer:before{content:"\f2de"}.fa-wpforms:before{content:"\f298"}.fa-wpressr:before{content:"\f3e4"}.fa-wrench:before{content:"\f0ad"}.fa-x-ray:before{content:"\f497"}.fa-xbox:before{content:"\f412"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-y-combinator:before{content:"\f23b"}.fa-yahoo:before{content:"\f19e"}.fa-yammer:before{content:"\f840"}.fa-yandex:before{content:"\f413"}.fa-yandex-international:before{content:"\f414"}.fa-yarn:before{content:"\f7e3"}.fa-yelp:before{content:"\f1e9"}.fa-yen-sign:before{content:"\f157"}.fa-yin-yang:before{content:"\f6ad"}.fa-yoast:before{content:"\f2b1"}.fa-youtube:before{content:"\f167"}.fa-youtube-square:before{content:"\f431"}.fa-zhihu:before{content:"\f63f"}.sr-only{border:0;clip:rect(0,0,0,0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.sr-only-focusable:active,.sr-only-focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}@font-face{font-family:"Font Awesome 5 Brands";font-style:normal;font-weight:400;font-display:block;src:url(/css/fonts/awesome5/fa-brands-400.eot);src:url(/css/fonts/awesome5/fa-brands-400.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-brands-400.woff2) format("woff2"),url(/css/fonts/awesome5/fa-brands-400.woff) format("woff"),url(/css/fonts/awesome5/fa-brands-400.ttf) format("truetype"),url(/css/fonts/awesome5/fa-brands-400.svg#fontawesome) format("svg")}.fab{font-family:"Font Awesome 5 Brands"}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:400;font-display:block;src:url(/css/fonts/awesome5/fa-regular-400.eot);src:url(/css/fonts/awesome5/fa-regular-400.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-regular-400.woff2) format("woff2"),url(/css/fonts/awesome5/fa-regular-400.woff) format("woff"),url(/css/fonts/awesome5/fa-regular-400.ttf) format("truetype"),url(/css/fonts/awesome5/fa-regular-400.svg#fontawesome) format("svg")}.fab,.far{font-weight:400}@font-face{font-family:"Font Awesome 5 Free";font-style:normal;font-weight:900;font-display:block;src:url(/css/fonts/awesome5/fa-solid-900.eot);src:url(/css/fonts/awesome5/fa-solid-900.eot?#iefix) format("embedded-opentype"),url(/css/fonts/awesome5/fa-solid-900.woff2) format("woff2"),url(/css/fonts/awesome5/fa-solid-900.woff) format("woff"),url(/css/fonts/awesome5/fa-solid-900.ttf) format("truetype"),url(/css/fonts/awesome5/fa-solid-900.svg#fontawesome) format("svg")}.fa,.far,.fas{font-family:"Font Awesome 5 Free"}.fa,.fas{font-weight:900} \ No newline at end of file diff --git a/web/css/fonts/font_lobster.css b/web/css/fonts/font_lobster.css new file mode 100644 index 00000000..29ef5db3 --- /dev/null +++ b/web/css/fonts/font_lobster.css @@ -0,0 +1,7 @@ +@font-face { + font-family: 'Lobster'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf) format('truetype'); +} diff --git a/web/css/fonts/font_sans_pro.css b/web/css/fonts/font_sans_pro.css new file mode 100644 index 00000000..6562e076 --- /dev/null +++ b/web/css/fonts/font_sans_pro.css @@ -0,0 +1,84 @@ +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 200; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 300; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 600; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 700; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: italic; + font-weight: 900; + font-display: swap; + src: url(/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 200; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 300; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 400; + font-display: swap; + src: url(/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 600; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 700; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf) format('truetype'); +} +@font-face { + font-family: 'Source Sans Pro'; + font-style: normal; + font-weight: 900; + font-display: swap; + src: url(/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf) format('truetype'); +} diff --git a/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf b/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf new file mode 100644 index 00000000..a7f729d3 Binary files /dev/null and b/web/css/fonts/lobster/neILzCirqoswsqX9_oU.ttf differ diff --git a/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf b/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf new file mode 100644 index 00000000..01223b86 Binary files /dev/null and b/web/css/fonts/sanspro/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPa7g.ttf differ diff --git a/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf b/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf new file mode 100644 index 00000000..5447a5ff Binary files /dev/null and b/web/css/fonts/sanspro/6xK3dSBYKcSV-LCoeQqfX1RYOo3aPw.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf new file mode 100644 index 00000000..65a76bfd Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZY4lBdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf new file mode 100644 index 00000000..b814440f Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZYokRdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf new file mode 100644 index 00000000..a9a32e42 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZMkhdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf new file mode 100644 index 00000000..2e10a398 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZclRdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf new file mode 100644 index 00000000..4bd30ff9 Binary files /dev/null and b/web/css/fonts/sanspro/6xKwdSBYKcSV-LCoeQqfX1RYOo3qPZZklxdr.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf new file mode 100644 index 00000000..9f8a3453 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf new file mode 100644 index 00000000..3ba2f35b Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3i94_AkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf new file mode 100644 index 00000000..388869cd Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf new file mode 100644 index 00000000..e9008d32 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zAkA.ttf differ diff --git a/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf new file mode 100644 index 00000000..9acf5854 Binary files /dev/null and b/web/css/fonts/sanspro/6xKydSBYKcSV-LCoeQqfX1RYOo3iu4nAkA.ttf differ diff --git a/web/css/styles.fix.css.map b/web/css/styles.fix.css.map new file mode 100644 index 00000000..c6718a78 --- /dev/null +++ b/web/css/styles.fix.css.map @@ -0,0 +1 @@ +{"version":3,"sourceRoot":"","sources":["styles.fix.scss"],"names":[],"mappings":";AAAA;EACI;EACA;EACA;;;AAMJ;EACI;;;AAGJ;EACI;EACA;EACA;EACA;;;AAGJ;EACI;EACA;;;AAGJ;EACI;EACA;EACA;EACA;;AAOJ;EACI;EACA;EACA;EACA;;AAOJ;EACI;EACA;;;AAGJ;EACI;;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;;AAEA;EACI;EACA;;AAEA;EACI;;AAMR;EACI;;AAEA;EACI;AACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;;AAII;EACI;EACA;EACA;;AAEA;EACI;;AAEJ;EACI;;AAMJ;EACI;EACA;EACA;EACA;EACA;;AAQZ;EACI;;AAEA;EACI;;AAIR;EACI;;AAGJ;EACI;;AAKZ;EACI;;;AAQR;EACI;EACA;;AAEA;EACI;;AAEA;EACI;EACA;EAGA;EACA;EACA;EACA;EACA;EACA;EACA;EAyCA;EAEA;AAAwB;EACxB;AAAgC;AAEhC;AAMA;AAKA;;AAVA;EACI;EACA;;AAIJ;EACI;;AAIJ;EACI;;AAIJ;AACI;;AACA;EACI;;AAKR;EAEI;EAKA;EACA;EACA;EACA;EACA;EAGA;EACA;;AAIJ;EACI;;AAEA;EACI;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAQZ;EACI;EACA;;AAII;EACI;;AAEA;EACI;;AAMZ;EACI;EACA;EAEA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;;AAIR;EACI;;AAEA;EAEI;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAIA;EAEA;EACA;EACA;EAEA;;AA8BA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EAIA;EAEA;EACA;EACA;EAEA;;AAIR;EACI;EACA;EACA;EACA;;AASR;EACI;;AAKA;EACI;;AAEJ;EAEI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAQR;EACI;;AAKA;EACI;;AAEJ;EACI;;AAEJ;EACI;;AAWxB;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;;AAGJ;EACI;;AAcJ;EACI;EACA;;AAEA;EACI;EACA;EACA;;AAGJ;EACI;;AAiBgB;EACI;EACA;;AAGJ;EACI;;AAqCZ;EACI;;AAmBxB;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EAEI;;AAOI;EACI;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;;AAEA;EACI;;AAUR;EACI;;AAQZ;EACI;EACA;EACA;EACA;EACA;;AAGJ;EACI;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAOJ;EACI;;AAYZ;EACI;EACA;EACA;;AAEA;EACI;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;;AAQR;EACI;;AAEA;EACI;;AAGR;EACI;EAEA;;AAEA;EACI;;AAGR;EACI;EACA;;AAEA;EACI;;AAGR;EACI;;AAEA;EACI;;AAGR;EACI;EACA;EACA;;AAEA;EACI;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EAEA;EACA;EAEA;EACA;;AAKZ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EAII;EACA;EACA;;AAKZ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;;AAIR;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAIR;EACI;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAKZ;EACI;EACA;EACA;;AAEJ;EACI;EACA;;AAEA;EACI;;AAUJ;EACI;EACA;EACA;EACA;;AA0BR;EACI;EACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;EACA;EACA;EAQA;EAEA;AAAwB;AAExB;AAKA;AAKA;AAMA;;AAfA;EACI;;AAIJ;EACI;;AAIJ;EACI;EACA;;AAIJ;EACI;EACA;;AAGJ;EACI;;AAIJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;;AAKR;EACI;EACA;EACA;EACA;;AAEA;EACI;EACA;;AAEA;EACI;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAIA;EACI;;AAKJ;EACI;;AAKJ;EACI;;AAKJ;EACI;;;AA8CxB;EACI;;;AAGJ;EACI;;;AAEJ;EACI;;;AAGJ;EACI;;;AAIJ;EACI;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;EACA;EACA;EACA;;AAQwB;EACI;EACA;EACA;;AAEA;EACI;EACA;AACA;EACA;EACA;EACA;EACA;EACA;AACA;EACA;EACA;EACA;;AAEA;EACI;;AAIZ;EACI;EACA;;AAEA;EACI;EACA;EACA;EACA;EACA;EACA;;AAGJ;EACI;EACA;EACA;EACA;EACA;;AAKR;EACI;EACA;EACA;EACA;;AAUhC;EACI;;;AAMJ;EACI","file":"styles.fix.css"} \ No newline at end of file diff --git a/web/css/styles.min.css b/web/css/styles.min.css index edc706d5..d84a6a85 100644 --- a/web/css/styles.min.css +++ b/web/css/styles.min.css @@ -1,168 +1,18 @@ -/* Syntax Quick Reference - -------------------------- - column($ratios: 1, $offset: 0, $cycle: 0, $uncycle: 0, $gutter: $jeet-gutter) - span($ratio: 1, $offset: 0) - shift($ratios: 0, $col_or_span: column, $gutter: $jeet-gutter) - unshift() - edit() - center($max_width: 1410px, $pad: 0) - stack($pad: 0, $align: false) - unstack() - align($direction: both) - cf() -*/ -/** - * Grid settings. - * All values are defaults and can therefore be easily overidden. - */ -/** - * List functions courtesy of the wonderful folks at Team Sass. - * Check out their awesome grid: Singularity. - */ -/** - * Get percentage from a given ratio. - * @param {number} [$ratio=1] - The column ratio of the element. - * @returns {number} - The percentage value. - */ -/** - * Work out the column widths based on the ratio and gutter sizes. - * @param {number} [$ratios=1] - The column ratio of the element. - * @param {number} [$gutter=$jeet-gutter] - The gutter for the column. - * @returns {list} $width $gutter - A list containing the with and gutter for the element. - */ -/** - * Get the set layout direction for the project. - * @returns {string} $direction - The layout direction. - */ -/** - * Replace a specified list value with a new value (uses built in set-nth() if available) - * @param {list} $list - The list of values you want to alter. - * @param {number} $index - The index of the list item you want to replace. - * @param {*} $value - The value you want to replace $index with. - * @returns {list} $list - The list with the value replaced or removed. - * @warn if an invalid index is supplied. - */ -/** - * Reverse a list (progressively enhanced for Sass 3.3) - * @param {list} $list - The list of values you want to reverse. - * @returns {list} $result - The reversed list. - */ -/** - * Get the opposite direction to a given value. - * @param {string} $dir - The direction you want the opposite of. - * @returns {string} - The opposite direction to $dir. - * @warn if an incorrect string is provided. - */ -/** - * Style an element as a column with a gutter. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$offset=0] - A offset specified as a fraction (see $ratios). - * @param {number} [$cycle=0] - Easily create an nth column grid where $cycle equals the number of columns. - * @param {number} [$uncycle=0] - Undo a previous cycle value to allow for a new one. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * An alias for the column mixin. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * Get the width of a column and nothing else. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * Get the gutter size of a column and nothing else. - * @param {number} [ratios=1] - A width relative to its container as a fraction. - * @param {number} [gutter=jeet.gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * An alias for the column-width function. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * An alias for the column-gutter function. - * @param [$args...] - All arguments get passed through to column(). - */ -/** - * Style an element as a column without any gutters for a seamless row. - * @param {number} [$ratios=1] - A width relative to its container as a fraction. - * @param {number} [$offset=0] - A offset specified as a fraction (see $ratios). - * @param {number} [cycle=0] - Easily create an nth column grid where cycle equals the number of columns. - * @param {number} [uncycle=0] - Undo a previous cycle value to allow for a new one. - */ -/** - * Reorder columns without altering the HTML. - * @param {number} [$ratios=0] - Specify how far along you want the element to move. - * @param {string} [$col-or-span=column] - Specify whether the element has a gutter or not. - * @param {number} [$gutter=$jeet-gutter] - Specify the gutter width as a percentage of the containers width. - */ -/** - * Reset an element that has had shift() applied to it. - */ -/** - * View the grid and its layers for easy debugging. - * @param {string} [$color=black] - The background tint applied. - * @param {boolean} [$important=false] - Whether to apply the style as !important. - */ -/** - * Alias for edit(). - */ -/** - * Horizontally center an element. - * @param {number} [$max-width=1410px] - The max width the element can be. - * @param {number} [$pad=0] - Specify the element's left and right padding. - */ -/** - * Uncenter an element. - */ -/** - * Stack an element so that nothing is either side of it. - * @param {number} [$pad=0] - Specify the element's left and right padding. - * @param {boolean/string} [$align=false] - Specify the text align for the element. - */ -/** - * Unstack an element. - */ -/** - * Center an element on either or both axes. - * @requires A parent container with relative positioning. - * @param {string} [$direction=both] - Specify which axes to center the element on. - */ -/** - * Apply a clearfix to an element. - */ -/* ========================================================================== - Normalize.scss settings - ========================================================================== */ -/** - * Includes legacy browser support IE6/7 - * - * Set to false if you want to drop support for IE6 and IE7 - */ -/* Base - ========================================================================== */ -/** - * 1. Set default font family to sans-serif. - * 2. Prevent iOS text size adjust after orientation change, without disabling - * user zoom. - * 3. Corrects text resizing oddly in IE 6/7 when body `font-size` is set using - * `em` units. - */ html { - font-family: sans-serif; - /* 1 */ - -ms-text-size-adjust: 100%; - /* 2 */ - -webkit-text-size-adjust: 100%; - /* 2 */ + font-family: sans-serif; + /* 1 */ + -ms-text-size-adjust: 100%; + /* 2 */ + -webkit-text-size-adjust: 100%; + /* 2 */ } /** * Remove default margin. */ body { - margin: 0; - background-color: #fff; + margin: 0; + background-color: #fff; } /* HTML5 display definitions @@ -173,34 +23,19 @@ body { * and Firefox. * Correct `block` display not defined for `main` in IE 11. */ -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -main, -menu, -nav, -section, -summary { - display: block; +article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { + display: block; } /** * 1. Correct `inline-block` display not defined in IE 6/7/8/9 and Firefox 3. * 2. Normalize vertical alignment of `progress` in Chrome, Firefox, and Opera. */ -audio, -canvas, -progress, -video { - display: inline-block; - /* 1 */ - vertical-align: baseline; - /* 2 */ +audio, canvas, progress, video { + display: inline-block; + /* 1 */ + vertical-align: baseline; + /* 2 */ } /** @@ -208,61 +43,55 @@ video { * Remove excess height in iOS 5 devices. */ audio:not([controls]) { - display: none; - height: 0; + display: none; + height: 0; } /** * Address `[hidden]` styling not present in IE 8/9/10. * Hide the `template` element in IE 8/9/11, Safari, and Firefox < 22. */ -[hidden], -template { - display: none; +[hidden], template, .hidden { + display: none; } -.hidden { - display: none; -} /* Links ========================================================================== */ /** * Remove the gray background color from active links in IE 10. */ a { - background-color: transparent; + background-color: transparent; +} +a:active, a:hover { + outline: 0; } /** * Improve readability when focused and also mouse hovered in all browsers. */ -a:active, a:hover { - outline: 0; -} - /* Text-level semantics ========================================================================== */ /** * Address styling not present in IE 8/9/10/11, Safari, and Chrome. */ abbr[title] { - border-bottom: 1px dotted; + border-bottom: 1px dotted; } /** * Address style set to `bolder` in Firefox 4+, Safari, and Chrome. */ -b, -strong { - font-weight: bold; - color: #5f5f5f; +b, strong { + font-weight: bold; + color: #5f5f5f; } /** * Address styling not present in Safari and Chrome. */ dfn { - font-style: italic; + font-style: italic; } /** @@ -270,42 +99,45 @@ dfn { * contexts in Firefox 4+, Safari, and Chrome. */ h1 { - font-size: 2em; - margin: 0.67em 0; + font-size: 2em; + margin: 0.67em 0; } /** * Addresses styling not present in IE 8/9. */ mark { - background: #ff0; - color: #000; + background: #ff0; + color: #000; } /** * Address inconsistent and variable font size in all browsers. */ small { - font-size: 80%; + font-size: 80%; } /** * Prevent `sub` and `sup` affecting `line-height` in all browsers. */ -sub, -sup { - font-size: 75%; - line-height: 0; - position: relative; - vertical-align: baseline; +sub { + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; } sup { - top: -0.5em; + font-size: 75%; + line-height: 0; + position: relative; + vertical-align: baseline; + top: -0.5em; } sub { - bottom: -0.25em; + bottom: -0.25em; } /* Embedded content @@ -315,14 +147,14 @@ sub { * 2. Improves image quality when scaled in IE 7. */ img { - border: 0; + border: 0; } /** * Correct overflow not hidden in IE 9/10/11. */ svg:not(:root) { - overflow: hidden; + overflow: hidden; } /* Grouping content @@ -331,34 +163,31 @@ svg:not(:root) { * Address margin not present in IE 8/9 and Safari. */ figure { - margin: 1em 40px; + margin: 1em 40px; } /** * Address differences between Firefox and other browsers. */ hr { - box-sizing: content-box; - height: 0; + box-sizing: content-box; + height: 0; } /** * Contain overflow in all browsers. */ pre { - overflow: auto; + overflow: auto; } /** * Address odd `em`-unit font size rendering in all browsers. * Correct font family set oddly in IE 6, Safari 4/5, and Chrome. */ -code, -kbd, -pre, -samp { - font-family: monospace, monospace; - font-size: 1em; +code, kbd, pre, samp { + font-family: monospace, monospace; + font-size: 1em; } /* Forms @@ -374,24 +203,23 @@ samp { * 3. Address margins set differently in Firefox 4+, Safari, and Chrome. * 4. Improves appearance and consistency in all browsers. */ -button, -input, -optgroup, -select, -textarea { - color: inherit; - /* 1 */ - font: inherit; - /* 2 */ - margin: 0; - /* 3 */ +button, input, optgroup, select, textarea { + color: inherit; + /* 1 */ + font: inherit; + /* 2 */ + margin: 0; + /* 3 */ } /** * Address `overflow` set to `hidden` in IE 8/9/10/11. */ button { - overflow: visible; + overflow: visible; + text-transform: none; + /*color: transparent !important;*/ + text-shadow: 0 0 0 #555 !important; } /** @@ -400,11 +228,10 @@ button { * Correct `button` style inheritance in Firefox, IE 8/9/10/11, and Opera. * Correct `select` style inheritance in Firefox. */ -button, select { - text-transform: none; - /*color: transparent !important;*/ - text-shadow: 0 0 0 #555 !important; + text-transform: none; + /*color: transparent !important;*/ + text-shadow: 0 0 0 #555 !important; } /** @@ -416,93 +243,92 @@ select { * 4. Removes inner spacing in IE 7 without affecting normal text inputs. * Known issue: inner spacing remains in IE 6. */ -button, -html input[type="button"], -input[type="reset"], -input[type="submit"] { - -webkit-appearance: button; - /* 2 */ - cursor: pointer; - /* 3 */ +button, html input[type=button] { + -webkit-appearance: button; + /* 2 */ + cursor: pointer; + /* 3 */ +} + +input[type=reset], input[type=submit] { + -webkit-appearance: button; + /* 2 */ + cursor: pointer; + /* 3 */ } /** * Re-set default cursor for disabled elements. */ -button[disabled], -html input[disabled] { - cursor: default; +button[disabled], html input[disabled] { + cursor: default; } /** * Remove inner padding and border in Firefox 4+. */ -button::-moz-focus-inner, +button::-moz-focus-inner { + border: 0; + padding: 0; +} + +input { + line-height: normal; +} input::-moz-focus-inner { - border: 0; - padding: 0; + border: 0; + padding: 0; +} +input[type=checkbox], input[type=radio] { + box-sizing: border-box; + /* 1 */ + padding: 0; + /* 2 */ +} +input[type=number]::-webkit-inner-spin-button, input[type=number]::-webkit-outer-spin-button { + height: auto; +} +input[type=search] { + -webkit-appearance: textfield; + /* 1 */ + /* 2 */ + box-sizing: content-box; +} +input[type=search]::-webkit-search-cancel-button, input[type=search]::-webkit-search-decoration { + -webkit-appearance: none; } /** * Address Firefox 4+ setting `line-height` on `input` using `!important` in * the UA stylesheet. */ -input { - line-height: normal; -} - /** * 1. Address box sizing set to `content-box` in IE 8/9/10. * 2. Remove excess padding in IE 8/9/10. * Known issue: excess padding remains in IE 6. */ -input[type="checkbox"], -input[type="radio"] { - box-sizing: border-box; - /* 1 */ - padding: 0; - /* 2 */ -} - /** * Fix the cursor style for Chrome's increment/decrement buttons. For certain * `font-size` values of the `input`, it causes the cursor style of the * decrement button to change from `default` to `text`. */ -input[type="number"]::-webkit-inner-spin-button, -input[type="number"]::-webkit-outer-spin-button { - height: auto; -} - /** * 1. Address `appearance` set to `searchfield` in Safari and Chrome. * 2. Address `box-sizing` set to `border-box` in Safari and Chrome * (include `-moz` to future-proof). */ -input[type="search"] { - -webkit-appearance: textfield; - /* 1 */ - /* 2 */ - box-sizing: content-box; -} - /** * Remove inner padding and search cancel button in Safari and Chrome on OS X. * Safari (but not Chrome) clips the cancel button when the search input has * padding (and `textfield` appearance). */ -input[type="search"]::-webkit-search-cancel-button, -input[type="search"]::-webkit-search-decoration { - -webkit-appearance: none; -} - /** * Define consistent border, margin, and padding. */ fieldset { - border: 1px solid #c0c0c0; - margin: 0 2px; - padding: 0.35em 0.625em 0.75em; + border: 1px solid #c0c0c0; + margin: 0 2px; + padding: 0.35em 0.625em 0.75em; } /** @@ -512,17 +338,17 @@ fieldset { * 4. Corrects alignment displayed oddly in IE 6/7. */ legend { - border: 0; - /* 1 */ - padding: 0; - /* 2 */ + border: 0; + /* 1 */ + padding: 0; + /* 2 */ } /** * Remove default vertical scrollbar in IE 8/9/10/11. */ textarea { - overflow: auto; + overflow: auto; } /** @@ -530,7 +356,7 @@ textarea { * NOTE: the default cannot safely be changed in Chrome and Safari on OS X. */ optgroup { - font-weight: bold; + font-weight: bold; } /* Tables @@ -539,2249 +365,2248 @@ optgroup { * Remove most spacing between table cells. */ table { - border-collapse: collapse; - border-spacing: 0; + border-collapse: collapse; + border-spacing: 0; } -td, -th { - padding: 0; +td, th { + padding: 0; } * { - -webkit-tap-highlight-color: transparent; + -webkit-tap-highlight-color: transparent; } body { -/* -webkit-touch-callout: none; - -webkit-text-size-adjust: none; - -webkit-user-select: none; */ + /* -webkit-touch-callout: none; + -webkit-text-size-adjust: none; + -webkit-user-select: none; */ } -html, -input, -textarea, -select, -button { - -webkit-font-smoothing: antialiased; - -moz-osx-font-smoothing: grayscale; +html, input, textarea, select, button { + -webkit-font-smoothing: antialiased; + -moz-osx-font-smoothing: grayscale; } html { - height: 100%; + height: 100%; } body { - font-family: arial; - overflow-x: hidden; - font-size: 14px; - height: 100%; - color: #929292; + font-family: arial; + overflow-x: hidden; + font-size: 14px; + height: 100%; + color: #929292; } .body-login, .body-reset { - height: auto; - padding-top: 10%; - /*background: url(/images/edit_bg.png);*/ - background-color: #eee; + height: auto; + padding-top: 10%; + /*background: url(/images/edit_bg.png);*/ + background-color: #eee; } a { - text-decoration: none; - color: #929292; + text-decoration: none; + color: #929292; } .disabled { - text-decoration: line-through; + text-decoration: line-through; } -.clearfix:before, -.clearfix:after { - content: ''; - display: table; +.clearfix:before { + content: ""; + display: table; } - .clearfix:after { - clear: both; + content: ""; + display: table; + clear: both; } .text-right { - text-align: right; + text-align: right; } .text-center { - text-align: center; + text-align: center; } .check-label { - display: inline-block; - cursor: pointer; - position: relative; - line-height: 16px; - padding-left: 26px; + display: inline-block; + cursor: pointer; + position: relative; + line-height: 16px; + padding-left: 26px; } - .check-label:before { - content: ''; - width: 16px; - height: 16px; - position: absolute; - left: 0; - top: 0; - display: inline-block; - background-image: url("/images/sprite.png?1446554103"); - background-size: 450px auto; - background-repeat: no-repeat; - background-position: -232px -9px; - z-index: 99; + content: ""; + width: 16px; + height: 16px; + position: absolute; + left: 0; + top: 0; + display: inline-block; + background-image: url("/images/sprite.png?1446554104"); + background-size: 450px auto; + background-repeat: no-repeat; + background-position: -232px -9px; + z-index: 99; } -input[type="checkbox"] { - display: none; +input[type=checkbox] { + display: none; } -.clicked-on.check-label:before, -.selected .check-label:before { - content: ''; - display: inline-block; - width: 27px; - height: 27px; - background-position: -225px -42px; - left: -6px; - top: -6px; + +.clicked-on.check-label:before, .selected .check-label:before { + content: ""; + display: inline-block; + width: 27px; + height: 27px; + background-position: -225px -42px; + left: -6px; + top: -6px; } .l-center { - margin: 0 auto; - max-width: 998px; + margin: 0 auto; + max-width: 998px; } .l-logo { - background-image: url("/images/sprite.png?1446554103"); - background-position: -117px -7px; -/* background-position: -125px -478px; */ - background-repeat: no-repeat; - display: inline-block; - float: left; - height: 22px; - margin-top: 4px; - width: 73px; -/* width: 42px; */ - margin-left: -2px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -117px -7px; + /* background-position: -125px -478px; */ + background-repeat: no-repeat; + display: inline-block; + float: left; + height: 22px; + margin-top: 4px; + width: 73px; + /* width: 42px; */ + margin-left: -2px; } .l-header { - background-color: #5d5d5d; - overflow: hidden; - margin-bottom: 28px; - position: fixed; - width: 100%; - z-index: 100; - height: 34px + background-color: #5d5d5d; + overflow: hidden; + margin-bottom: 28px; + position: fixed; + width: 100%; + z-index: 100; + height: 34px; } .l-header a { - font-size: 12px; -} - -.l-menu__item--active { - //background-color: #fff; + font-size: 12px; } .l-menu__item.l-menu__item--active a { - color: #ff6701; - font-size: 10px; - font-weight: bold; - text-transform: uppercase; - background-color: #fff; + color: #9c8cff; + font-size: 10px; + font-weight: bold; + text-transform: uppercase; + background-color: #fff; } .l-menu { - float: left; - position: fixed; - margin-left: 70px; + float: left; + position: fixed; + margin-left: 70px; } + .l-menu__item { - float: left; + float: left; } .l-menu__item a { - color: #f7f7f7; - position: relative; - line-height: 34px; - padding: 11px 18px; + color: #f7f7f7; + position: relative; + line-height: 34px; + padding: 11px 18px; } .l-menu__item a:hover { - background-color: #f79b44; - color: #fff; + background-color: #f79b44; + color: #fff; } .l-menu__item a:active { - color: #fff; - background-color: #ff6701; + color: #fff; + background-color: #9c8cff; } .l-menu.active .l-menu__item.focus a { - text-decoration: underline; - color: #5edad0; + text-decoration: underline; + color: #5edad0; } .l-menu.active .l-menu__item.focus a:hover { - background-color: #f79b44; - color: #fff; + background-color: #f79b44; + color: #fff; } +.lang-ua .l-menu__item a, .lang-nl .l-menu__item a, .lang-fr .l-menu__item a, .lang-ru .l-menu__item a { + padding: 11px 18px; +} -.lang-ua .l-menu__item a, -.lang-nl .l-menu__item a, -.lang-fr .l-menu__item a, -.lang-ru .l-menu__item a { - padding: 11px 18px; -} -.lang-el .l-menu__item a, -.lang-tr .l-menu__item a { - padding: 11px 15px; +.lang-el .l-menu__item a, .lang-tr .l-menu__item a { + padding: 11px 15px; } + .lang-ar .l-menu__item a { - padding: 11px 11px; -} -.lang-ar .l-menu__item a { - line-height: 35px; + padding: 11px 11px; + line-height: 35px; } .lang-de .l-menu__item a { - padding: 11px 12px; + padding: 11px 12px; } .lang-tw .l-menu__item a { - padding: 13px 18px; + padding: 13px 18px; } .l-profile { - overflow: hidden; - float: right; + overflow: hidden; + float: right; } + .l-profile__username { - float: left; - color: #a4abad; - font-weight: 700; - padding: 10px 0 0 10px; - margin-right: 12px; + float: left; + color: #a4abad; + font-weight: 700; + padding: 10px 0 0 10px; + margin-right: 12px; } .l-profile__username:hover { - color: #ffd62e; + color: #ffd62e; } .l-profile__username:active { - color: #f79b44; + color: #f79b44; } - .l-profile__logout { - float: left; - color: #fff; -/* margin-left: 40px; */ - padding: 10px 0 0 10px; + float: left; + color: #fff; + /* margin-left: 40px; */ + padding: 10px 0 0 10px; } .l-profile__logout:hover { - color: #C0E60E; + color: #C0E60E; } .l-profile__logout:active { - color: #ffd62e; + color: #ffd62e; } -.lang-cn .l-profile__logout { - padding: 8px 5px; -} -.lang-tw .l-profile__logout { - padding: 8px 5px; + +.lang-cn .l-profile__logout, .lang-tw .l-profile__logout { + padding: 8px 5px; } .l-profile__notifications { - background: url("/images/sprite.png?1446554103") no-repeat scroll -129px -135px; - border-radius: 30px; - color: #fff; - cursor: pointer; - float: left; - font-weight: bold; - height: 15px; - margin-right: 4px; - margin-top: 5px; - padding: 10px 5px 0; - width: 15px; + background: url("/images/sprite.png?1446554104") no-repeat scroll -129px -135px; + border-radius: 30px; + color: #fff; + cursor: pointer; + float: left; + font-weight: bold; + height: 15px; + margin-right: 4px; + margin-top: 5px; + padding: 10px 5px 0; + width: 15px; } .l-profile__notifications.active { - background-color: #454545; + background-color: #454545; } .l-profile__notifications:hover { - background-color: #333; + background-color: #333; } .l-profile__notifications:active { - background-color: #c4da5e; + background-color: #c4da5e; } .l-profile__notifications.updates { - background-position: -202px -135px; + background-position: -202px -135px; } .notification-container { - background-color: #454545; - box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); - list-style-type: none; - margin: 0; - overflow: hidden; - padding-left: 0; - position: fixed; - top: 34px; - width: 351px; - z-index: 200; - font-size: 12px; - padding: 0; - color: #7f7f7f; + background-color: #454545; + box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); + list-style-type: none; + margin: 0; + overflow: hidden; + padding-left: 0; + position: fixed; + top: 34px; + width: 351px; + z-index: 200; + font-size: 12px; + padding: 0; + color: #7f7f7f; } .notification-container .unseen { - color: #ABABAB; + color: #ABABAB; } - - .notification-container li { - border-bottom: 1px solid #555; - padding: 10px 15px 24px; + border-bottom: 1px solid #555; + padding: 10px 15px 24px; } .notification-container .mark-seen { - background-color: #abc04b; - border: 2px solid #454545; - border-radius: 10px; - cursor: pointer; - display: none; - float: right; - height: 7px; - margin-right: -5px; - margin-top: 0; - width: 7px; + background-color: #abc04b; + border: 2px solid #454545; + border-radius: 10px; + cursor: pointer; + display: none; + float: right; + height: 7px; + margin-right: -5px; + margin-top: 0; + width: 7px; } .notification-container .mark-seen:hover { - background-color: #333; - border-color: #abc04b; + background-color: #333; + border-color: #abc04b; } .notification-container .mark-seen:active { - background-color: #777; - border-color: #777; + background-color: #777; + border-color: #777; } -.notification-container .unseen .mark-seen{ - display: inline-block; +.notification-container .unseen .mark-seen { + display: inline-block; } .notification-container .title { - color: #9e9e9e; - font-weight: bold; - line-height: 30px; - padding: 0; - text-transform: none; - float: none; - display: block; + color: #9e9e9e; + font-weight: bold; + line-height: 30px; + padding: 0; + text-transform: none; + float: none; + display: block; } .notification-container .title a { - color: #9e9e9e; + color: #9e9e9e; } - -.notification-container .unseen .title a, .notification-container .unseen .title { - color: #C4DA5E; + color: #C4DA5E; +} +.notification-container .unseen .title a { + color: #C4DA5E; } .notification-container .unseen .title a:hover { - color: #ffcc00; + color: #ffcc00; } .notification-container .unseen .title a:active { - color: #dacf2e; + color: #dacf2e; } - .notification-container a { - color: #5ABDB5;/* #eee;*/ + color: #5ABDB5; + /* #eee;*/ } .notification-container a:hover { - color: #2CA99B; + color: #2CA99B; } .notification-container a:active { - color: #00C0C0; + color: #00C0C0; } - .notification-container .icon { - display: inline-block; - width: 0; + display: inline-block; + width: 0; } .notification-container .icon.filemanager { - display: inline-block; - width: 22px; - background: url("/images/flat_icons.png") repeat scroll -31px -100px; + display: inline-block; + width: 22px; + background: url("/images/flat_icons.png") repeat scroll -31px -100px; } .notification-container .icon.starred { - display: inline-block; - width: 21px; - background: url("/images/sprite.png?1446554103") repeat scroll -184px 556px; + display: inline-block; + width: 21px; + background: url("/images/sprite.png?1446554104") repeat scroll -184px 556px; } - - .l-stat { - margin: 0 auto; - margin: 34px auto; - position: fixed; - background-color: #fff; - z-index: 100; - padding-top: 30px; - width: 100%; - overflow: hidden; + margin: 0 auto; + margin: 34px auto; + position: fixed; + background-color: #fff; + z-index: 100; + padding-top: 30px; + width: 100%; + overflow: hidden; } + .l-stat__col { - display: block; - vertical-align: top; - float: left; + display: block; + vertical-align: top; + float: left; } .l-stat__col a { - display: inline-block; - padding-bottom: 36px; - min-height: 111px; - width: 138px; - border-bottom: 3px solid #fff; - overflow: hidden; - background-color: #fff; - padding-top: 3px; - margin-top: -3px; - padding-left: 5px; + display: inline-block; + padding-bottom: 36px; + min-height: 111px; + width: 138px; + border-bottom: 3px solid #fff; + overflow: hidden; + background-color: #fff; + padding-top: 3px; + margin-top: -3px; + padding-left: 5px; } .l-stat__col a:hover { - border-bottom: 3px solid #ff8e61; + border-bottom: 3px solid #ff8e61; } .l-stat__col a:active { - border-bottom: 3px solid #f72b44; + border-bottom: 3px solid #796cc7; } + .l-stat__col--active a { - border-bottom: 3px solid #ff6e42; + border-bottom: 3px solid #ff6e42; } .l-stat.active .l-stat__col.focus a { - border-bottom: 3px solid #5edad0; + border-bottom: 3px solid #5edad0; } .l-stat.active .l-stat__col.focus a .l-stat__col-title { - color: #36B3A9; + color: #36B3A9; } - - .l-stat__col a:hover .l-stat__col-title { - color: #ff6701; + color: #9c8cff; } .l-stat__col a:active .l-stat__col-title { - color: #f72b44; + color: #796cc7; } - - .l-stat__col ul { - list-style-type: none; - font-size: 12px; - padding-left: 0; + list-style-type: none; + font-size: 12px; + padding-left: 0; } .l-stat__col li { - color: #a0a0a0; - margin-bottom: 8px; - text-transform: lowercase; + color: #a0a0a0; + margin-bottom: 8px; + text-transform: lowercase; } .l-stat__col span { - padding-left: 15px; -} -.l-stat__col-title { - text-transform: uppercase; - font-weight: 700; - color: #212134; - min-height: 21px; -} -.l-stat__col--active .l-stat__col-title { - color: #ff6701; - font-size: 24px; - margin-top: -7px; - letter-spacing: -1px; - margin-right: -8px; + padding-left: 15px; +} + +.l-stat__col-title { + text-transform: uppercase; + font-weight: 700; + color: #212134; + min-height: 21px; +} + +.l-stat__col--active .l-stat__col-title { + color: #9c8cff; + font-size: 24px; + margin-top: -7px; + letter-spacing: -1px; + margin-right: -8px; } -.l-separator.selected, .l-separator { - height: 1px; - background-color: #ddd; + height: 1px; + background-color: #ddd; +} +.l-separator.selected { + height: 1px; + background-color: #ddd; } div.l-content > div.l-separator:nth-of-type(2) { - margin-top: 214px; - width: 100%; - position: fixed; - z-index: 120; + margin-top: 214px; + width: 100%; + position: fixed; + z-index: 120; } - div.l-content > div.l-separator:nth-of-type(4) { - margin-top: 259px; - width: 100%; - position: fixed; - z-index: 100; + margin-top: 259px; + width: 100%; + position: fixed; + z-index: 100; } .l-sort { - position: fixed; - width: 998px; - background-color: #fff; - z-index: 110; - margin-top: 215px; + position: fixed; + width: 998px; + background-color: #fff; + z-index: 110; + margin-top: 215px; } + .l-sort__create-btn { - background-image: url("/images/sprite.png?1446554103"); - background-position: -331px -107px; - background-repeat: no-repeat; - bottom: -23px; - display: inline-block; - height: 45px; - left: 30px; - position: absolute; - width: 45px; - z-index: 3; + background-image: url("/images/sprite.png?1446554104"); + background-position: -331px -107px; + background-repeat: no-repeat; + bottom: -23px; + display: inline-block; + height: 45px; + left: 30px; + position: absolute; + width: 45px; + z-index: 3; } .l-sort__create-btn:hover { - background-position: -378px -107px; + background-position: -378px -107px; } .l-sort__create-btn:active { - background-position: -425px -107px; + background-position: -425px -107px; } + .l-sort__create-btn--active { - background-position: -425px -107px; + background-position: -425px -107px; } .l-sort__create-btn.restore { - background-position: -331px -250px; - bottom: -22px; + background-position: -331px -250px; + bottom: -22px; } -.l-sort__create-btn.restore:hover { - background-position: -331px -250px; +.l-sort__create-btn.restore:hover, .l-sort__create-btn.restore:active { + background-position: -331px -250px; } -.l-sort__create-btn.restore:active { - background-position: -331px -250px; -} - .l-sort__create-btn.edit { - background-position: -331px -154px; - bottom: -22px; + background-position: -331px -154px; + bottom: -22px; } .l-sort__create-btn.edit:hover { - background-position: -378px -154px; + background-position: -378px -154px; } .l-sort__create-btn.edit:active { - background-position: -425px -154px; + background-position: -425px -154px; } .context-menu.sort-order { - display: inline-block; - position: absolute; - z-index: 3; - left: 397px; - margin: 0; - overflow: hidden; - top: 42px; - width: 201px; - background-color: #5c5c5c; - list-style-type: none; - padding-left: 0; - box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); + display: inline-block; + position: absolute; + z-index: 3; + left: 397px; + margin: 0; + overflow: hidden; + top: 42px; + width: 201px; + background-color: #5c5c5c; + list-style-type: none; + padding-left: 0; + box-shadow: 0 2px 7px 0 rgba(0, 0, 0, 0.3); } .context-menu.sort-order li { - padding: 0; + padding: 0; } .context-menu li { - border-bottom: 1px solid #777; - color: #fff; - cursor: pointer; - font-size: 12px; - padding: 12px; + border-bottom: 1px solid #777; + color: #fff; + cursor: pointer; + font-size: 12px; + padding: 12px; } .context-menu.sort-order span.name { - background: url("/images/sprite.png?1446554103") no-repeat scroll -292px -361px rgba(0, 0, 0, 0); - display: inline-block; - padding: 12px 28px 12px 12px; - width: 117px; - text-transform: uppercase; - font-weight: bold; + background: url("/images/sprite.png?1446554104") no-repeat scroll -292px -361px rgba(0, 0, 0, 0); + display: inline-block; + padding: 12px 28px 12px 12px; + width: 117px; + text-transform: uppercase; + font-weight: bold; } .context-menu.sort-order span.up { - background: url("/images/sprite.png?1446554103") no-repeat scroll -434px -417px rgba(0, 0, 0, 0); - display: inline-block; - padding: 12px 14px; - width: 16px; + background: url("/images/sprite.png?1446554104") no-repeat scroll -434px -417px rgba(0, 0, 0, 0); + display: inline-block; + padding: 12px 14px; + width: 16px; } .context-menu.sort-order span.active { - background-color: #FFD437; - color: #555; + background-color: #FFD437; + color: #555; } .context-menu.sort-order span:hover { - background-color: #777; - color: #fff; + background-color: #777; + color: #fff; } .context-menu.sort-order span:active { - background-color: #ffcc00; + background-color: #ffcc00; } - - - .l-sort-toolbar { - float: right; - padding: 7px 0 7px 0; - width: 100%; + float: right; + padding: 7px 0 7px 0; + width: 100%; } -.l-sort-toolbar table{ - float: right; +.l-sort-toolbar table { + float: right; } - .l-sort-toolbar td.toggle-all { - padding-top: 7px; - padding-right: 20px; + padding-top: 7px; + padding-right: 20px; } - .l-sort-toolbar .sort-by { - cursor: pointer; - padding-top: 7px; - padding-left: 40px; + cursor: pointer; + padding-top: 7px; + padding-left: 40px; } .l-sort-toolbar .sort-by:hover { - color: #555; + color: #555; } .l-sort-toolbar .sort-by:hover b { - color: #555; + color: #555; } .l-sort-toolbar .sort-by:active { - color: #55c9c0; + color: #23b7e5; } .l-sort-toolbar .sort-by:active b { - color: #55c9c0; + color: #23b7e5; } - .l-sort-toolbar .sort-by b { - text-transform: uppercase; - padding-left: 3px; - font-size: 12px; + text-transform: uppercase; + padding-left: 3px; + font-size: 12px; } - .l-sort-toolbar .toggle-all:hover { - color: #555; + color: #555; } .l-sort-toolbar .toggle-all:active { - color: #55c9c0; + color: #23b7e5; } - .l-sort-toolbar .l-select { - float: left; + float: left; } .l-sort-toolbar td { - vertical-align: middle; + vertical-align: middle; } - -.l-sort-toolbar.subtitle { - padding-left: 96px; +.l-sort-toolbar.subtitle { + padding-left: 96px; } - - .l-sort-toolbar td:first-of-type { - padding-left: 40px; + padding-left: 40px; } - - .l-sort-toolbar td.step-right:first-of-type { - padding-right: 20px; + padding-right: 20px; } - .l-sort-toolbar td:nth-of-type(2) { -/* /// padding-right: 60px;*/ - padding-right: 20px; + /* /// padding-right: 60px;*/ + padding-right: 20px; } .l-sort-toolbar td:last-of-type { -/* /// padding-left: 40px; */ + /* /// padding-left: 40px; */ } + .l-sort-toolbar__filter-apply { - float: left; - width: 30px; - height: 30px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -333px -1px; - border: none; + float: left; + width: 30px; + height: 30px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -333px -1px; + border: none; } .l-sort-toolbar__filter-apply:hover { - background-position: -368px -1px; - border-color: #afafac; + background-position: -368px -1px; + border-color: #afafac; } .l-sort-toolbar__filter-apply:active { - background-position: -404px -1px; - border-color: #afafac; + background-position: -404px -1px; + border-color: #afafac; } + .l-sort-toolbar__filter-apply--active { - background-position: -404px -1px; - border-color: #50bdb5; + background-position: -404px -1px; + border-color: #50bdb5; } .l-sort-toolbar__search { - float: left; - width: 25px; - height: 25px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -333px -37px; - border: none; + float: left; + width: 25px; + height: 25px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -333px -37px; + border: none; } .l-sort-toolbar__search:hover { - background-position: -368px -37px; - border-color: #afafac; + background-position: -368px -37px; + border-color: #afafac; } .l-sort-toolbar__search:active { - background-position: -404px -37px; - border-color: #50bdb5; + background-position: -404px -37px; + border-color: #50bdb5; } + .l-sort-toolbar__search--active { - background-position: -404px -37px; - border-color: #50bdb5; + background-position: -404px -37px; + border-color: #50bdb5; } + .l-sort-toolbar .vst { - padding: 0 12px; - color: #777; - text-transform: uppercase; - font-size: 11px; - font-weight: bold; - line-height: 30px; + padding: 0 12px; + color: #777; + text-transform: uppercase; + font-size: 11px; + font-weight: bold; + line-height: 30px; } .l-sort-toolbar .vst:hover { - color: #ff6701; + color: #9c8cff; } .l-sort-toolbar .vst:active { - color: #55C9C0; + color: #23b7e5; } .l-sort-toolbar .vst.selected { - color: #ff6701; -// color: #92af0b; + color: #9c8cff; } - - .l-select { - width: 178px; - height: 28px; - border: 1px solid #ddd; - border-radius: 0; - overflow-x: hidden; - position: relative; - display: inline-block; - border-style: solid none solid solid; + width: 178px; + height: 28px; + border: 1px solid #ddd; + border-radius: 0; + overflow-x: hidden; + position: relative; + display: inline-block; + border-style: solid none solid solid; } + .lang-ru .l-select { - width: 199px; + width: 199px; } .l-select:after { - pointer-events: none; - background-image: url("/images/sprite.png?1446554103"); - background-position: -245px -175px; - width: 7px; - height: 4px; - margin-top: -2px; - content: ''; - position: absolute; - right: 10px; - top: 50%; + pointer-events: none; + background-image: url("/images/sprite.png?1446554104"); + background-position: -245px -175px; + width: 7px; + height: 4px; + margin-top: -2px; + content: ""; + position: absolute; + right: 10px; + top: 50%; } .l-select select { - border: 0; - background-color: transparent; - line-height: 28px; - height: 28px; - min-width: 208px; - padding-left: 4px; - appearance:none; - -moz-appearance:none; - -webkit-appearance:none; - padding-left: 10px; + border: 0; + background-color: transparent; + line-height: 28px; + height: 28px; + min-width: 208px; + padding-left: 4px; + appearance: none; + -moz-appearance: none; + -webkit-appearance: none; + padding-left: 10px; } .l-select select:focus { - border: 0; - outline: 0; + border: 0; + outline: 0; } + .lang-ru .l-select select { - min-width: 215px; + min-width: 215px; } + .l-select select option { - padding: 7px; + padding: 7px; } .l-unit { - color: #888; - padding: 0 0 0 15px; - overflow: hidden; - font-size: 13px; -} -.units .l-unit { - border-bottom: 1px solid #ddd; - border-left: 2px solid #fff; -} -.units .l-unit.l-unit--starred { - border-left: 2px solid #ff6701; -} -.units.active .l-unit.focus { - border-left: 2px solid #5edad0; -} -.units.active .l-unit.focus .l-unit__name { - color: #36b3a9; -} -.units.active .l-unit.focus .l-unit-toolbar__col--right { - display: block; + color: #888; + padding: 0 0 0 15px; + overflow: hidden; + font-size: 13px; } +.units .l-unit { + border-bottom: 1px solid #ddd; + border-left: 2px solid #fff; +} +.units .l-unit.l-unit--starred { + border-left: 2px solid #9c8cff; +} +.units.active .l-unit.focus { + border-left: 2px solid #5edad0; + background: #f4faff; +} +.units.active .l-unit.focus .l-unit__name { + color: #36b3a9; +} +.units.active .l-unit.focus .l-unit-toolbar__col--right { + display: block; +} .units > div:last-child { - border-bottom: none; + border-bottom: none; } .l-unit-ft { - color: #929292; - padding: 0 0 0 15px; + color: #929292; + padding: 0 0 0 15px; } .l-unit:hover .l-unit-toolbar__col--right { - display: block; + display: block; } + .l-unit--blue { - border-left: 2px solid #55c9c0; + border-left: 2px solid #23b7e5; } .l-unit--suspended { - background-color: #eaeaea; - color: #c0c0c0; + background-color: #eaeaea; + color: #c0c0c0; } - .units .l-unit.l-unit--outdated { - background-color: #ffcaca; - color: #555; - border-left: 5px solid #ff6f6f; - border-bottom: 1px solid #fff; + background-color: #ffcaca; + color: #555; + border-left: 5px solid #ff6f6f; + border-bottom: 1px solid #fff; } -.l-unit--suspended .l-unit__name, -.l-unit--suspended b, -.l-unit--outdated .l-unit__name, -.l-unit--outdated b { - color: #c0c0c0; +.l-unit--suspended .l-unit__name, .l-unit--suspended b { + color: #c0c0c0; } +.l-unit--outdated .l-unit__name, .l-unit--outdated b { + color: #c0c0c0; +} .l-unit--outdated .l-unit__name { - color: #333; + color: #333; } .l-unit--outdated b { - color: #555; + color: #555; } .l-unit--suspended .l-percent { - border-color: #fff; + border-color: #fff; } .l-unit--suspended .l-percent__fill { - background-color: #fff; + background-color: #fff; +} +.l-unit--suspended .l-unit__name { + color: #ADADAD; } -.l-unit--suspended .l-unit__name, .l-unit--suspended .l-unit__name span { - color: #ADADAD; + color: #ADADAD; } - -.l-unit--suspended.selected .l-unit__name, -.l-unit--suspended.selected .l-unit__name span { - color: #777; -} - .l-unit--suspended.selected { - background-color: #f2eab8 !important; - color: #b2ac87 !important; + background-color: #f2eab8 !important; + color: #b2ac87 !important; +} +.l-unit--suspended.selected .l-unit__name { + color: #777; +} +.l-unit--suspended.selected .l-unit__name span { + color: #777; } .l-unit--outdated.selected { - background: #765D5D !important; - color: #333 !important; + background: #765D5D !important; + color: #333 !important; } +.l-unit--suspended.selected .l-unit__name, .l-unit--suspended.selected b { + color: #333 !important; +} +.l-unit--outdated.selected .l-unit__name, .l-unit--outdated.selected b { + color: #333 !important; +} -.l-unit--suspended.selected .l-unit__name, -.l-unit--suspended.selected b, -.l-unit--outdated.selected .l-unit__name, -.l-unit--outdated.selected b, -.l-unit--suspended.selected .l-percent, -.l-unit--suspended.selected .l-percent__fill, -.l-unit--suspended.selected .l-unit__name, +.l-unit--suspended.selected .l-percent, .l-unit--suspended.selected .l-percent__fill { + color: #333 !important; +} +.l-unit--suspended.selected .l-unit__name { + color: #333 !important; +} .l-unit--suspended.selected .l-unit__name span { - color: #333 !important; + color: #333 !important; } .l-unit.selected .l-percent { - border-bottom: 1px dotted #777; + border-bottom: 1px dotted #777; } - .l-unit--selected { - background-color: #d1eddc; + background-color: #d1eddc; } -.l-unit-toolbar{ - height: 39px; + +.l-unit-toolbar { + height: 39px; } .l-unit label { - margin-bottom: 20px; + margin-bottom: 20px; } + .l-unit__columns { - display: table; - width: 100%; + display: table; + width: 100%; } + .l-unit__col { - display: table-cell; - padding-top: 1px; - vertical-align: top; + display: table-cell; + padding-top: 1px; + vertical-align: top; } + .l-unit__col--left { - width: 124px; - padding-right: 10px; + width: 124px; + padding-right: 10px; } + .units.compact .l-unit__col--left { - vertical-align: top; + vertical-align: top; } .l-unit__col--left.step-left { - padding-left: 30px; + padding-left: 30px; } .l-unit__col--right.total { - padding-left: 16px; + padding-left: 16px; } - .l-unit__col--right.back { - padding-left: 78px + padding-left: 78px; } .l-sort-toolbar .step-left { - padding-left: 40px; + padding-left: 40px; } + .step-right { - padding-right: 40px; + padding-right: 40px; } .l-unit__date { - font-size: 12px; - letter-spacing: 1px; - margin-top: 10px; - padding-bottom: 30px; + font-size: 12px; + letter-spacing: 1px; + margin-top: 10px; + padding-bottom: 30px; } .l-unit__suspended { - display: none; - font-size: 11px; - font-weight: bold; - letter-spacing: 3px; - margin-top: 36px; - text-transform: uppercase; - margin-bottom: 14px; + display: none; + font-size: 11px; + font-weight: bold; + letter-spacing: 3px; + margin-top: 36px; + text-transform: uppercase; + margin-bottom: 14px; } .units.compact .l-unit__suspended { - margin-top: 1px; + margin-top: 1px; } -.l-unit--outdated .l-unit__suspended, -.l-unit--suspended .l-unit__suspended { - display: block; +.l-unit--outdated .l-unit__suspended, .l-unit--suspended .l-unit__suspended { + display: block; +} + +.l-unit-ft .subtitle { + color: #9c8cff; + font-size: 12px; + font-weight: bold; + margin: 20px 0 18px 129px; + text-transform: uppercase; } -.l-unit-ft .subtitle, .l-unit .subtitle { - color: #ff6701; - font-size: 12px; - font-weight: bold; - margin: 20px 0 18px 129px; - text-transform: uppercase; + color: #9c8cff; + font-size: 12px; + font-weight: bold; + margin: 20px 0 18px 129px; + text-transform: uppercase; } - .l-unit.l-unit--outdated .l-unit__date { - color: #d24c4c; - font-size: 10px; - letter-spacing: 3px; - text-transform: uppercase; - font-weight: bold; + color: #d24c4c; + font-size: 10px; + letter-spacing: 3px; + text-transform: uppercase; + font-weight: bold; } .l-unit__name { - color: #111; - font-size: 32px; - margin-bottom: 10px; + color: #111; + font-size: 32px; + margin-bottom: 10px; } -.l-unit__stats.separate, + +.l-unit__stats.separate { + padding-bottom: 15px; +} + .l-unit__name.separate { - padding-bottom: 15px; + padding-bottom: 15px; } - .l-unit__name.small { - font-size: 19px; + font-size: 19px; } - .l-unit__name.small-2 { - font-size: 24px; + font-size: 24px; } - - .l-unit__name span { - color: #999; - margin-left: 30px; - font-size: 14px; - font-style: italic; + color: #999; + margin-left: 30px; + font-size: 14px; + font-style: italic; } .l-unit__name span:first-of-type { - margin-left: 39px; + margin-left: 39px; } .l-unit__name b { - font-weight: normal; - font-style: italic; + font-weight: normal; + font-style: italic; } .l-unit__ip { - margin-bottom: 26px; - font-size: 12px; - letter-spacing: 1px; + margin-bottom: 26px; + font-size: 12px; + letter-spacing: 1px; } .l-unit__ip span { - padding-left: 3px; - padding-right: 3px; + padding-left: 3px; + padding-right: 3px; } + .display-ip { - font-size: 12px; - letter-spacing: 1px; + font-size: 12px; + letter-spacing: 1px; } .display-ip span { - padding-left: 3px; - padding-right: 3px; + padding-left: 3px; + padding-right: 3px; } .l-unit__stats { - margin-bottom: 50px; + margin-bottom: 50px; } .l-unit__stats table { - width: 100%; - table-layout: fixed; + width: 100%; + table-layout: fixed; } .l-unit__stats td { - height: 22px; - padding-bottom: 3px; - vertical-align: top; + height: 22px; + padding-bottom: 3px; + vertical-align: top; } + .l-unit__stat-col--left { - float: left; - width: 124px; + float: left; + width: 124px; } .l-unit__stat-col--left.compact { - width: 70px; + width: 70px; } .l-unit__stat-col--left.compact-2 { - width: 95px; + width: 95px; } .l-unit__stat-col--left.wide { - width: 190px; + width: 190px; } .l-unit__stat-col--left.wide-2 { - width: 230px; + width: 230px; } .l-unit__stat-col--left.wide-3 { - width: 250px; + width: 250px; } .l-unit__stat-col--left.wide-4 { - width: 550px; + width: 550px; } - - .l-unit__stat-col--left.small-2 { - line-height: 11px; + line-height: 11px; } - .l-unit__stat-col--left.tiny { - font-size: 11px; + font-size: 11px; } - .l-unit__stat-col--left.tiny b { - font-size: 18px; + font-size: 18px; } - .l-unit__stat-col--right { - float: left; - max-width: 152px; + float: left; + max-width: 152px; } .l-unit-toolbar__col--left { - float: left; - margin-left: -15px; - margin-top: 0; - padding-bottom: 0px;/* 8px */ - padding-left: 15px; - padding-top: 15px; - width: 30px; - cursor: pointer; + float: left; + margin-left: -15px; + margin-top: 0; + padding-bottom: 0px; + /* 8px */ + padding-left: 15px; + padding-top: 15px; + width: 30px; + cursor: pointer; } .l-unit-toolbar__col--right { - float: right; - display: none; + float: right; + display: none; } body.mobile .l-unit-toolbar__col--right { - display: block; + display: block; } .l-unit-toolbar .shortcut { - display: none; + display: none; } .units.active .l-unit.focus .l-unit-toolbar .shortcut { - display: block; - background-color: #69a298; - border-radius: 13px; - color: #fff; - cursor: pointer; - display: block; - font-size: 12px; - font-weight: 700; - line-height: 25px; - padding-left: 7px; - padding-right: 9px; - position: absolute; - right: 3px; - top: 3px; + display: block; + background-color: #69a298; + border-radius: 13px; + color: #fff; + cursor: pointer; + display: block; + font-size: 12px; + font-weight: 700; + line-height: 25px; + padding-left: 7px; + padding-right: 9px; + position: absolute; + right: 3px; + top: 3px; } .units.active .l-unit.focus .l-unit-toolbar .shortcut.delete { - font-size: 10px; - padding-left: 2px; - padding-right: 5px; - text-transform: capitalize; + font-size: 10px; + padding-left: 2px; + padding-right: 5px; + text-transform: capitalize; } .units.active .l-unit.focus .l-unit-toolbar .shortcut.enter { - font-size: 17px; - padding-left: 1px; - padding-right: 7px; + font-size: 17px; + padding-left: 1px; + padding-right: 7px; } .units.active .l-unit.focus .l-unit-toolbar i { - background: none; + background: none; } .l-unit__stat-col.volume { - font-size: 12px; - line-height: 17px; - float: right; + font-size: 12px; + line-height: 17px; + float: right; } .actions-panel__col { - float: left; - min-width: 95px; - min-height: 31px; - text-transform: uppercase; - background-color: #dfdedd; - border-right: 1px solid #d8d7d7; - position: relative; + float: left; + min-width: 95px; + min-height: 31px; + text-transform: uppercase; + background-color: #dde6e9; + border-right: 1px solid #dde6e9; + position: relative; } + .selected .actions-panel__col { - -webkit-filter: contrast(80%); - filter: contrast(80%); + -webkit-filter: contrast(80%); + filter: contrast(80%); } + .actions-panel__col i { - background-image: url("/images/sprite.png?1446554103"); - background-repeat: no-repeat; - display: inline-block; - float: right; - content: ''; - width: 31px; - height: 31px; - position: absolute; - top: 0; - right: 0; + background-image: url("/images/sprite.png?1446554104"); + background-repeat: no-repeat; + display: inline-block; + float: right; + content: ""; + width: 31px; + height: 31px; + position: absolute; + top: 0; + right: 0; } .actions-panel__col a { - line-height: 31px; - color: #777; - font-weight: 700; - font-size: 12px; - padding-left: 13px; - display: block; - cursor: pointer; - position: relative; - padding-right: 36px; -} -.lang-ru .actions-panel__col a { - font-size: 11px; - padding-top: 1px; -} -.lang-tw .actions-panel__col a { - font-size: 15px; - font-weight: normal; - line-height: 29px; -} -.lang-ar .actions-panel__col a { - font-size: 15px; - font-weight: normal; - line-height: 31px; + line-height: 31px; + color: #777; + font-weight: 700; + font-size: 12px; + padding-left: 13px; + display: block; + cursor: pointer; + position: relative; + padding-right: 36px; } +.lang-ru .actions-panel__col a { + font-size: 11px; + padding-top: 1px; +} + +.lang-tw .actions-panel__col a { + font-size: 15px; + font-weight: normal; + line-height: 29px; +} + +.lang-ar .actions-panel__col a { + font-size: 15px; + font-weight: normal; + line-height: 31px; +} .actions-panel__favorite a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__favorite i { - background-position: -39px -85px; + background-position: -39px -85px; } .actions-panel__edit i { - background-position: -1px -169px; + background-position: -1px -169px; } .actions-panel__edit:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__edit:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__edit:hover a i { - background-position: -41px -169px; + background-position: -41px -169px; } .actions-panel__edit:active a i { - background-position: -81px -169px; + background-position: -81px -169px; } + .actions-panel__edit--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__edit--active i { - background-position: -78px -169px; + background-position: -78px -169px; } .actions-panel__restart i { - background-position: -1px -520px; + background-position: -1px -520px; } .actions-panel__restart:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__restart:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__restart:hover a i { - background-position: -41px -520px; + background-position: -41px -520px; } .actions-panel__restart:active a i { - background-position: -81px -520px; + background-position: -81px -520px; } + .actions-panel__restart--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__restart--active i { - background-position: -78px -520px; + background-position: -78px -520px; } .actions-panel__add i { - background-position: -1px -285px; + background-position: -1px -285px; } .actions-panel__add:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__add:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__add:hover a i { - background-position: -41px -285px; + background-position: -41px -285px; } .actions-panel__add:active a i { - background-position: -81px -285px; + background-position: -81px -285px; } .actions-panel__add--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__add--active i { - background-position: -78px -285px; + background-position: -78px -285px; } .actions-panel__update i { - background-position: -1px -481px; + background-position: -1px -481px; } .actions-panel__update:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__update:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__update:hover a i { - background-position: -41px -481px; + background-position: -41px -481px; } .actions-panel__update:active a i { - background-position: -81px -481px; + background-position: -81px -481px; } + .actions-panel__update--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__update--active i { - background-position: -78px -481px; + background-position: -78px -481px; } .actions-panel__logs i { - background-position: -2px -130px; + background-position: -2px -130px; } .actions-panel__logs:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__logs:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__logs:hover a i { - background-position: -42px -130px; + background-position: -42px -130px; } .actions-panel__logs:active a i { - background-position: -82px -130px; + background-position: -82px -130px; } + .actions-panel__logs--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__logs--active i { - background-position: -79px -130px; + background-position: -79px -130px; } .actions-panel__db i { - background-position: -2px -363px; + background-position: -2px -363px; } .actions-panel__db:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__db:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__db:hover a i { - background-position: -42px -363px; + background-position: -42px -363px; } .actions-panel__db:active a i { - background-position: -82px -363px; + background-position: -82px -363px; } + .actions-panel__db--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__db--active i { - background-position: -79px -362px; + background-position: -79px -362px; } .actions-panel__suspend i { - background-position: -1px -51px; + background-position: -1px -51px; } .actions-panel__suspend:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__suspend:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__suspend:hover a i { - background-position: -41px -51px; + background-position: -41px -51px; } .actions-panel__suspend:active a i { - background-position: -81px -51px; + background-position: -81px -51px; } + .actions-panel__suspend--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__suspend--active i { - background-position: -78px -51px; + background-position: -78px -51px; } .actions-panel__unsuspend i { - background-position: -1px -12px; + background-position: -1px -12px; } .actions-panel__unsuspend:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__unsuspend:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__unsuspend:hover a i { - background-position: -41px -12px; + background-position: -41px -12px; } .actions-panel__unsuspend:active a i { - background-position: -81px -12px; + background-position: -81px -12px; } + .actions-panel__unsuspend--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__unsuspend--active i { - background-position: -78px -12px; + background-position: -78px -12px; } - .actions-panel__loginas i { - background-position: -1px -245px; + background-position: -1px -245px; } .actions-panel__loginas:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__loginas:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__loginas:hover a i { - background-position: -41px -245px; + background-position: -41px -245px; } .actions-panel__loginas:active a i { - background-position: -81px -245px; + background-position: -81px -245px; } + .actions-panel__loginas--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__loginas--active i { - background-position: -78px -245px; + background-position: -78px -245px; } .actions-panel__download i { - background-position: -1px -402px; + background-position: -1px -402px; } .actions-panel__download:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__download:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__download:hover a i { - background-position: -41px -402px; + background-position: -41px -402px; } .actions-panel__download:active a i { - background-position: -81px -402px; + background-position: -81px -402px; } + .actions-panel__download--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__download--active i { - background-position: -78px -402px; + background-position: -78px -402px; } .actions-panel__configure i { - background-position: -1px -442px; + background-position: -1px -442px; } .actions-panel__configure:hover a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__configure:active a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__configure:hover a i { - background-position: -81px -442px; + background-position: -81px -442px; } .actions-panel__configure:active a i { - background-position: -41px -442px; + background-position: -41px -442px; } + .actions-panel__configure--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__configure--active i { - background-position: -78px -442px; + background-position: -78px -442px; } .actions-panel__.l-icon-starmail i { - background-position: -1px -324px; + background-position: -1px -324px; } + .actions-panel__mail:hover a { - background-color: #afafac; - color: #fff; + background-color: #afafac; + color: #fff; } .actions-panel__mail:active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__mail:hover a i { - background-position: -41px -324px; + background-position: -41px -324px; } .actions-panel__mail:active a i { - background-position: -81px -324px; + background-position: -81px -324px; } + .actions-panel__mail--active a { - background-color: #55c9c0; - color: #fff; + background-color: #23b7e5; + color: #fff; } .actions-panel__mail--active i { - background-position: -78px -324px; + background-position: -78px -324px; } .actions-panel__delete i { - background-position: -1px -207px; + background-position: -1px -207px; } .actions-panel__delete:hover a { - background-color: #ff3438; - color: #fff; + background-color: #ff3438; + color: #fff; } .actions-panel__delete:active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__delete:hover a i { - background-position: -41px -207px; + background-position: -41px -207px; } .actions-panel__delete:active a i { - background-position: -81px -207px; + background-position: -81px -207px; } + .actions-panel__delete--active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__delete--active i { - background-position: -78px -207px; + background-position: -78px -207px; } .actions-panel__stop i { - background-position: -1px -561px; + background-position: -1px -561px; } .actions-panel__stop:hover a { - background-color: #ff3438; - color: #fff; + background-color: #ff3438; + color: #fff; } .actions-panel__stop:active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__stop:hover a i { - background-position: -41px -561px; + background-position: -41px -561px; } .actions-panel__stop:active a i { - background-position: -81px -561px; + background-position: -81px -561px; } + .actions-panel__stop--active a { - background-color: #ff5f5f; - color: #fff; + background-color: #ff5f5f; + color: #fff; } .actions-panel__stop--active i { - background-position: -78px -561px; + background-position: -78px -561px; } .actions-panel__start i { - background-position: -1px -482px; + background-position: -1px -482px; } .actions-panel__start:hover a { - background-color: #9fbf0c; - color: #fff; + background-color: #27c24c; + color: #fff; } .actions-panel__start:active a { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .actions-panel__start:hover a i { - background-position: -41px -482px; + background-position: -41px -482px; } .actions-panel__start:active a i { - background-position: -81px -482px; + background-position: -81px -482px; } + .actions-panel__start--active a { - background-color: #c0e60f; - color: #fff; + background-color: #32f360; + color: #fff; } .actions-panel__start--active i { - background-position: -78px -482px; + background-position: -78px -482px; } - .l-icon-up-arrow, .l-icon-down-arrow, .l-icon-star, .l-icon-to-top, .l-icon-shortcuts, .l-icon-star-orange, .l-icon-star-blue { - display: inline-block; - vertical-align: middle; - background-image: url("/images/sprite.png?1446554103"); + display: inline-block; + vertical-align: middle; + background-image: url("/images/sprite.png?1446554104"); } .l-icon-down-arrow { - width: 7px; - height: 15px; - background-position: -280px -128px; + width: 7px; + height: 15px; + background-position: -280px -128px; } .l-icon-up-arrow { - width: 7px; - height: 15px; - background-position: -299px -129px; + width: 7px; + height: 15px; + background-position: -299px -129px; } - .l-icon-star { - width: 36px; - height: 36px; - background-position: -216px 560px; - cursor: pointer; - visibility: hidden; + width: 36px; + height: 36px; + background-position: -216px 560px; + cursor: pointer; + visibility: hidden; } + .l-unit--starred .l-icon-star { - background-position: -174px 560px; - visibility: visible; + background-position: -174px 560px; + visibility: visible; } + .selected .l-icon-star { - filter: contrast(70%); - -webkit-filter: contrast(70%); + filter: contrast(70%); + -webkit-filter: contrast(70%); } .units.compact .l-icon-star { - margin-top: -14px; + margin-top: -14px; } .l-icon-star:hover { - background-position: 0px 560px; + background-position: 0px 560px; } - .l-icon-star:active { - -background-position: -174px 560px; - background-position: -80px 562px; + -background-position: -174px 560px; + background-position: -80px 562px; } .l-unit:hover .l-icon-star { - visibility: visible; + visibility: visible; } - .l-icon-to-top { - width: 35px; - height: 35px; - background-position: -330px -68px; + width: 35px; + height: 35px; + background-position: -330px -68px; } .l-icon-to-top:hover { - background-position: -366px -68px; + background-position: -366px -68px; } .l-icon-to-top:active { - background-position: -402px -68px; + background-position: -402px -68px; } .l-icon-shortcuts { - width: 35px; - height: 35px; - background-position: -240px -281px; - border-radius: 18px; + width: 35px; + height: 35px; + background-position: -240px -281px; + border-radius: 18px; } .l-icon-shortcuts:hover { - background-position: -160px -281px; + background-position: -160px -281px; } .l-icon-shortcuts:active { - background-position: -198px -281px; + background-position: -198px -281px; } -body.mobile .l-icon-to-top, -body.mobile .l-icon-shortcuts { - display: none; +body.mobile .l-icon-to-top, body.mobile .l-icon-shortcuts { + display: none; } - .l-icon-star-orange { - width: 13px; - height: 13px; - background-position: -178px -97px; + width: 13px; + height: 13px; + background-position: -178px -97px; } .l-icon-star-blue { - width: 13px; - height: 13px; - background-position: -134px -97px; + width: 13px; + height: 13px; + background-position: -134px -97px; } .media-top { - vertical-align: top; + vertical-align: top; } .l-unit__stat-cols { - padding-right: 10px; + padding-right: 10px; } .l-unit__stat-cols.last { - padding-right: 0; + padding-right: 0; } .l-unit__stat-cols.graph { - width: 200px; + width: 200px; } .l-unit__stat-cols.tiny { - font-size:11px; - line-height: 19px; + font-size: 11px; + line-height: 19px; } .l-percent { - border-bottom: 1px dotted #ccc; - margin-top: 1px; - width: 200px; + border-bottom: 1px dotted #ccc; + margin-top: 1px; + width: 200px; } + .l-percent__fill { - background-color: #aacc0d; - height: 3px; - position: relative; - bottom: -1px; + background-color: #aacc0d; + height: 3px; + position: relative; + bottom: -1px; } .to-top { - display: inline-block; - position: fixed; - top: 92%; - right: 1%; + display: inline-block; + position: fixed; + top: 92%; + right: 1%; } .to-shortcuts { - display: inline-block; - position: fixed; - top: 92%; - right: 4%; + display: inline-block; + position: fixed; + top: 92%; + right: 4%; } - /* #vstobjects { margin-top: -1px; } */ - #vstobjects .l-center { - padding-top: 20px; - padding-bottom: 30px; - font-size: 12px; + padding-top: 20px; + padding-bottom: 30px; + font-size: 12px; } .timer-container { - margin-top: 4px; + margin-top: 4px; } - .timer-container .refresh-timer { - border: 2px solid #9f9f9f; - border-radius: 14px; - height: 14px; - width: 14px; - float: left; - margin: 2px 10px 0 0; + border: 2px solid #9f9f9f; + border-radius: 14px; + height: 14px; + width: 14px; + float: left; + margin: 2px 10px 0 0; } .timer-container .refresh-timer.paused { - border: 2px solid #9f9f9f; + border: 2px solid #9f9f9f; } -.timer-container .refresh-timer.paused .loader-half.right, -.timer-container .refresh-timer.paused .loader-half.dark { - background-color: #9d9f9f; +.timer-container .refresh-timer.paused .loader-half.right, .timer-container .refresh-timer.paused .loader-half.dark { + background-color: #9d9f9f; } .timer-container .loader-half { - border-radius: 0 14px 14px 0; - height: 14px; - width: 7px; - float: left; + border-radius: 0 14px 14px 0; + height: 14px; + width: 7px; + float: left; } .timer-container .loader-half.left { - border-radius: 14px 0 0 14px; - background-color: #fff; + border-radius: 14px 0 0 14px; + background-color: #fff; } .timer-container .loader-half.right { - margin-left: 7px; - background-color: #9f9f9f; + margin-left: 7px; + background-color: #9f9f9f; } .timer-container .loader-half.dark { - background-color: #9f9f9f; + background-color: #9f9f9f; } .timer-container .movement { - float: left; - width: 14px; - height: 14px; - position: absolute; + float: left; + width: 14px; + height: 14px; + position: absolute; } .timer-container .movement.left { - z-index: 10; + z-index: 10; } .timer-container .movement.right { - transform: rotate(180deg); - -webkit-transform: rotate(180deg); + transform: rotate(180deg); + -webkit-transform: rotate(180deg); } .timer-container .timer-button { - cursor: pointer; - text-decotation: underline; - margin: 7px 0 0 38px; - width: 15px; - float: left; - height: 10px; + cursor: pointer; + text-decotation: underline; + margin: 7px 0 0 38px; + width: 15px; + float: left; + height: 10px; } .timer-container .timer-button.pause { - background: url(/images/pause.png) no-repeat ; + background: url(/images/pause.png) no-repeat; } .timer-container .timer-button.play { - background: url(/images/start.png) no-repeat; + background: url(/images/start.png) no-repeat; } .uppercase { - text-transform: uppercase; -} - -.title b, -.title { - color: #ff6701; - font-size: 12px; - font-weight: bold; - padding: 0 30px 0px 73px; - line-height: 30px; - text-transform: uppercase; + text-transform: uppercase; } .title { - display: inline-block; - float: left; + color: #9c8cff; + font-size: 12px; + font-weight: bold; + padding: 0 30px 0px 73px; + line-height: 30px; + text-transform: uppercase; + display: inline-block; + float: left; +} +.title b { + color: #9c8cff; + font-size: 12px; + font-weight: bold; + padding: 0 30px 0px 73px; + line-height: 30px; + text-transform: uppercase; } - - - /* form styles */ - - - .vst-error { - color: #BE5ABF; - font-weight: bold; - display: inline-block; - height: 17px; - overflow: hidden; - padding-top: 6px; - width: 593px; + color: #BE5ABF; + font-weight: bold; + display: inline-block; + height: 17px; + overflow: hidden; + padding-top: 6px; + width: 593px; } .vst-ok { - color: #9fbf0c; - font-weight: bold; - display: inline-block; - height: 17px; - overflow: hidden; - padding-top: 6px; - max-width: 600px; + color: #27c24c; + font-weight: bold; + display: inline-block; + height: 17px; + overflow: hidden; + padding-top: 6px; + max-width: 600px; } - .vst-ok a { - color: #2c9491; + color: #27c24c; } .vst-ok a:hover { - color: #ff6701; + color: #9c8cff; } .vst-ok a:active { - color: #f72b44; + color: #796cc7; } - - - .data { - margin: 0 0 90px 0; + margin: 0 0 90px 0; } + .data-col1 { - width: 148px; + width: 148px; } - .data-col1 td { - padding: 10px 0 0 5px; + padding: 10px 0 0 5px; } - .data-col1 tr:first-child td { - padding: 59px 0 0 5px; + padding: 59px 0 0 5px; } -.login-box td, -.data td { - color: #555; - font-size: 15px; - padding-bottom: 3px; - font-weight: bold; +.login-box td, .data td { + color: #555; + font-size: 15px; + padding-bottom: 3px; + font-weight: bold; } + .input-label { - padding-top: 20px; + padding-top: 20px; } -.data input[type="checkbox"] { - display: inline; - cursor: pointer; + +.data input[type=checkbox] { + display: inline; + cursor: pointer; } + .step-top { - padding-top: 42px; + padding-top: 42px; } + .step-top-small { - padding-top: 22px; + padding-top: 22px; } + .jump-top { - margin-top: -60px; + margin-top: -60px; } + .jump-small-top { - margin-top: -12px; + margin-top: -12px; } + .float-right { display: inline-block; float: right; } .data a { - text-decoration: none; -} -label { - cursor: pointer; + text-decoration: none; } +label { + cursor: pointer; +} label:hover { - color: #333; + color: #333; } .vst-input { - background-color: #fff; - border: 1px solid #cfcfcf; - border-radius: 0px; - color: #555; - font-family: Arial; - font-size: 19px; - height: 28px; - margin: 2px 6px 0 0; - padding: 7px 3px 9px 14px; - width: 360px; - font-weight: normal; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-family: Arial; + font-size: 19px; + height: 28px; + margin: 2px 6px 0 0; + padding: 7px 3px 9px 14px; + width: 360px; + font-weight: normal; } .vst-input:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-input:focus { - border: 1px solid #55C9C0; - background-color: #D7F9FF; - color: #333; + border: 1px solid #23b7e5; + background-color: #fff; + color: #333; +} +.vst-input:disabled { + background-color: #e0e0e0; } -.vst-input:disabled, .vst-list:disabled { - background-color: #e0e0e0; + background-color: #e0e0e0; } + .vst-input:focus:disabled { - border-color: #f1f1f1; - background-color: #f1f1f1; + border-color: #f1f1f1; + background-color: #f1f1f1; } .vst-input.long { - width: 832px; + width: 100%; } .vst-input.short { - width: 200px; + width: 200px; } .vst-list { - background-color: #fff; - border: 1px solid #ccc; - border-radius: 0; - color: #555; - font-family: Arial,Helvetica,sans-serif; - font-size: 19px; - font-weight: normal; - height: 43px; - cursor: pointer; - margin: 2px 6px 0 0; - min-width: 138px; - padding: 8px 1px 6px 10px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -185px -604px; - width: 270px; - appearance:none; - -moz-appearance:none; - -webkit-appearance:none; - text-shadow: 0 0 0 #555; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-family: Arial, Helvetica, sans-serif; + font-size: 19px; + font-weight: normal; + height: 43px; + cursor: pointer; + margin: 2px 6px 0 0; + min-width: 138px; + padding: 8px 1px 6px 10px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -185px -604px; + width: 270px; + appearance: none; + -moz-appearance: none; + -webkit-appearance: none; + text-shadow: 0 0 0 #555; } - .vst-list.long-2 { - width: 486px; - background-position: 502px -604px; + width: 486px; + background-position: 502px -604px; } .vst-list option { - padding: 6px 1px 6px 15px; + padding: 6px 1px 6px 15px; } .vst-list:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-list:focus { - border: 1px solid #55C9C0; - color: #333; + border: 1px solid #23b7e5; + color: #333; } - .vst-list.flat { - border: 1px solid #fff; - color: #2c9491; - text-transform: uppercase; - font-weight: bold; - font-size: 11px; - margin-left: -14px; - background-position: -210px -604px; - text-shadow: none !important; + border: 1px solid #fff; + color: #27c24c; + text-transform: uppercase; + font-weight: bold; + font-size: 11px; + margin-left: -14px; + background-position: -210px -604px; + text-shadow: none !important; } .vst-list.flat:hover { - color: #ff6701; + color: #9c8cff; } .vst-list.flat option { - color: #555; + color: #555; } -a.vst-text, -a.vst-text b{ - color: #2c9491; +a.vst-text { + color: #27c24c; } -a.vst-text:hover, -a.vst-text:hover b{ - color: #ff6701; +a.vst-text b { + color: #27c24c; } -a.vst-text:active, -a.vst-text:active b{ - color: #ff6701; +a.vst-text:hover, a.vst-text:active { + color: #9c8cff; +} +a.vst-text:hover b, a.vst-text:active b { + color: #9c8cff; } .vst-textinput { - background-color: #fff; - border: 1px solid #cfcfcf; - border-radius: 0px; - color: #555; - font-size: 19px; - padding: 5px; - width: 560px; - height: 90px; - font-family:Arial, Helvetica, sans-serif; - padding: 9px 1px 6px 14px; - font-weight: normal; + background-color: #fff; + border: 1px solid #dee5e7; + border-radius: 3px; + color: #555; + font-size: 19px; + padding: 5px; + width: 560px; + height: 90px; + font-family: Arial, Helvetica, sans-serif; + padding: 9px 1px 6px 14px; + font-weight: normal; } .vst-textinput:hover { - border: 1px solid #909090; + border: 1px solid #909090; } .vst-textinput:focus { - border: 1px solid #55C9C0; - background-color: #D7F9FF; - color: #333; + border: 1px solid #23b7e5; + background-color: #fff; + color: #333; } .vst-textinput:disabled { - background-color: #f1f1f1; + background-color: #f1f1f1; } -.vst-textinput.console{ - font-size: 13px; - width: 630px; - height: 300px; - font-family:"Lucida Console", Monaco, monospace; - white-space: pre; +.vst-textinput.console { + font-size: 13px; + width: 630px; + height: 300px; + font-family: "Lucida Console", Monaco, monospace; + white-space: pre; } .vst-textinput.short { - width: 360px; + width: 360px; } -#advanced-options .console{ - width: 833px; - height: 600px; + +#advanced-options .console { + width: 833px; + height: 600px; } + .generate { - color: #2C9491; - text-decoration: underline; - cursor: pointer; - margin-left: -3px; - padding: 0 3px; + color: #27c24c; + text-decoration: underline; + cursor: pointer; + margin-left: -3px; + padding: 0 3px; } .generate:hover { - background-color: #ff6701; - border-color: #ff6701; - color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; + color: #fff; } .generate:active { - background-color: #F7D616; - border-color: #F7D616; + background-color: #F7D616; + border-color: #F7D616; } + .vst-advanced { - border-bottom: 1px solid #2c9491; - color: #2c9491; - font-size: 11px; - letter-spacing: 1px; - padding: 2px 2px 0; - text-decoration: none; - text-transform: uppercase; + border-bottom: 1px solid #27c24c; + color: #27c24c; + font-size: 11px; + letter-spacing: 1px; + padding: 2px 2px 0; + text-decoration: none; + text-transform: uppercase; } + .login-box .vst-advanced:hover { - color: #ff6701; - background-color: transparent; - border-color: transparent; + color: #9c8cff; + background-color: transparent; + border-color: transparent; } .vst-advanced:hover { - color: #fff; - background-color: #ff6701; - border-color: #ff6701; + color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; } -.login-box .vst-advanced:active, -.vst-advanced:active { - color: #fff; - background-color: #F7D616; - border-color: #F7D616; +.login-box .vst-advanced:active, .vst-advanced:active { + color: #fff; + background-color: #F7D616; + border-color: #F7D616; } .login-box .vst-advanced { - border-bottom: none; - color: #2c9491; - font-size: 10px; - letter-spacing: 1px; - padding: 2px 2px 0; - text-decoration: none; - text-transform: uppercase; + border-bottom: none; + color: #27c24c; + font-size: 10px; + letter-spacing: 1px; + padding: 2px 2px 0; + text-decoration: none; + text-transform: uppercase; } + .vst-checkbox { - font-size: 19px; - margin: 2px 6px 0 3px; - padding: 5px; + font-size: 19px; + margin: 2px 6px 0 3px; + padding: 5px; } + .lets-encrypt-note { - color: #89a40a !important; - font-style: italic; - font-weight: normal !important; - height: 30px; - padding-top: 10px; - vertical-align: top; + color: #89a40a !important; + font-style: italic; + font-weight: normal !important; + height: 30px; + padding-top: 10px; + vertical-align: top; } .additional-control { - margin-left: 17px; - color: #2C9491; - border-bottom: 1px solid #2C9491; - font-size: 11px; - letter-spacing: 1px; - cursor: pointer; - text-transform: uppercase; - font-weight: bold; - padding: 2px 2px 0; + margin-left: 17px; + color: #27c24c; + border-bottom: 1px solid #27c24c; + font-size: 11px; + letter-spacing: 1px; + cursor: pointer; + text-transform: uppercase; + font-weight: bold; + padding: 2px 2px 0; } .additional-control:hover { - background-color: #ff6701; - border-color: #ff6701; - color: #fff; + background-color: #9c8cff; + border-color: #9c8cff; + color: #fff; } .additional-control:active { - color: #fff; - background-color: #aaa; + color: #fff; + background-color: #aaa; } - .additional-control.ftp-remove-user { - padding: 2px 0 0 0; + padding: 2px 0 0 0; } - -.additional-control.delete:hover, -.additional-control.ftp-remove-user:hover { - background-color: #FF3438; - border-color: #FF3438; +.additional-control.delete:hover, .additional-control.ftp-remove-user:hover { + background-color: #FF3438; + border-color: #FF3438; } -.additional-control.delete:active, -.additional-control.ftp-remove-user:active { - background-color: #FF5F5F; - border-color: #FF5F5F; +.additional-control.delete:active, .additional-control.ftp-remove-user:active { + background-color: #FF5F5F; + border-color: #FF5F5F; } .additional-control.add:hover { - background-color: #9FBF0C; - border-color: #9FBF0C; + background-color: #27c24c; + border-color: #27c24c; } -.additional-control.add:active{ - background-color: #c0e60f; - border-color: #c0e60f; +.additional-control.add:active { + background-color: #32f360; + border-color: #32f360; } - .additional-control.remove-ns { - display: none; + display: none; } .data .step-left { - padding-left: 50px; + padding-left: 50px; } + .hide-password { - color: #2361a1; - margin-left: -36px; - padding-left: 3px; - z-index: 1; + color: #2361a1; + margin-left: -36px; + padding-left: 3px; + z-index: 1; } + .toggle-psw-visibility-icon { - cursor: pointer; - opacity: 1; + cursor: pointer; + opacity: 1; } + .show-passwords-enabled-action { - opacity: 0.4; -} -.ftp-path-value, -.hint, -td.hint { - color: #777; - font-size: 15px; - font-style: italic; - font-weight: normal; -} -.ftp-path-prefix { padding-top: 7px; } - -.ui-button, -.button { - filter:chroma(color=#000); - cursor: pointer; - border-radius: 3px 3px 3px 3px; - font-size: 13px; - font-weight: bold; - padding: 1px 16px 3px 16px; - width: 108px; - height: 34px; - color: #fafafa; - border: 1px solid #9FBF0C; - background-color: #9FBF0C; -} -.ui-button:hover, -.button:hover { - color: #555; - border: 1px solid #C0E60F; - background-color: #C0E60F; -} -.ui-button:active, -.button:active { - border: 1px solid #D1D70D !important; - background-color: #D1D70D !important; + opacity: 0.4; } -.ui-button:focus, -.button:focus { - border: 1px solid #90AD0D; - background-color: #90AD0D; +.ftp-path-value, .hint, td.hint { + color: #777; + font-size: 15px; + font-style: italic; + font-weight: normal; } -.ui-button.cancel, -.button.cancel { - color: #777; - border: 1px solid #DFDEDD; - background-color: #DFDEDD; +.ftp-path-prefix { + padding-top: 7px; } -.ui-button.cancel:hover, -.button.cancel:hover { - color: #fff; - border: 1px solid #999; - background-color: #999; + +.ui-button, .button { + filter: chroma(color=#000); + cursor: pointer; + border-radius: 3px 3px 3px 3px; + font-size: 13px; + font-weight: bold; + padding: 1px 16px 3px 16px; + width: 108px; + height: 34px; + color: #fafafa; + border: 1px solid #27c24c; + background-color: #27c24c; } -.ui-button.cancel:active, -.button.cancel:active { - border: 1px solid #D1D70D; - background-color: #D1D70D; + +.ui-button:hover, .button:hover { + color: #555; + border: 1px solid #32f360; + background-color: #32f360; } + +.ui-button:active, .button:active { + border: 1px solid #54ca70 !important; + background-color: #54ca70 !important; +} + +.ui-button:focus, .button:focus { + border: 1px solid #25af49; + background-color: #25af49; +} + +.ui-button.cancel, .button.cancel { + color: #777; + border: 1px solid #dde6e9; + background-color: #dde6e9; +} + +.ui-button.cancel:hover, .button.cancel:hover { + color: #fff; + border: 1px solid #999; + background-color: #999; +} + +.ui-button.cancel:active, .button.cancel:active { + border: 1px solid #54ca70; + background-color: #54ca70; +} + a.button.cancel { - padding: 8px 38px; - text-transform: capitalize; + padding: 8px 38px; + text-transform: capitalize; } - .ui-dialog button.cancel { - color: #000; - border: 1px solid #555; - background-color: #555; + color: #000; + border: 1px solid #555; + background-color: #555; } + /* .ui-dialog button.cancel:hover { color: #fff; @@ -2789,105 +2614,101 @@ a.button.cancel { background-color: #999; } .ui-dialog button.cancel:active { - border: 1px solid #D1D70D; - background-color: #D1D70D; + border: 1px solid #54ca70; + background-color: #54ca70; } */ - - - .ui-button span { - color: #fff; + color: #fff; } .ui-button:hover span { - color: #555 !important; + color: #555 !important; } .ui-button:active span { - color: #555; + color: #555; } .ui-button.cancel span { - color: #777; + color: #777; } -.ui-button:hover span { - color: #fff; -} -.ui-button:active span { - color: #fff; +.ui-button:hover span, .ui-button:active span { + color: #fff; } .ui-dialog button.cancel span { - color: #ccc; + color: #ccc; } - .unlim-trigger { - cursor: pointer; - margin-left: -36px; - padding-left: 3px; - z-index: 1; + cursor: pointer; + margin-left: -36px; + padding-left: 3px; + z-index: 1; } + .optional { - font-size: 12px; - padding: 0 0 0 6px; - font-weight: normal; + font-size: 12px; + padding: 0 0 0 6px; + font-weight: normal; } + .data-active b { - color: #9FBF0C; - font-size: 11px; - letter-spacing: 1px; - text-transform: uppercase; + color: #27c24c; + font-size: 11px; + letter-spacing: 1px; + text-transform: uppercase; } + .data-suspended b { - color: #A3A3A3; - font-size: 11px; - letter-spacing: 3px; - font-weight: bold; - text-transform: uppercase; + color: #A3A3A3; + font-size: 11px; + letter-spacing: 3px; + font-weight: bold; + text-transform: uppercase; } + .data-date { - font-weight: normal; - color: #777; - font-size: 12px; - letter-spacing: 1px; - line-height: 23px; + font-weight: normal; + color: #777; + font-size: 12px; + letter-spacing: 1px; + line-height: 23px; } -.data-dotted { - vertical-align: top; -} -.mail-infoblock-td { - vertical-align: top; + +.data-dotted, .mail-infoblock-td { + vertical-align: top; } + .mail-infoblock { - margin-left: -110px; - font-size: 12px; - color: #777; - border: 1px solid #d9d9d9; - padding: 0px 5px 12px 20px; - margin-top: 64px; - width: 334px; - overflow: hidden; + margin-left: -110px; + font-size: 12px; + color: #777; + border: 1px solid #d9d9d9; + padding: 0px 5px 12px 20px; + margin-top: 64px; + width: 334px; + overflow: hidden; } .mail-infoblock:hover { - overflow: visible; + overflow: visible; } .mail-infoblock td { - color: #777; - font-size: 14px; - height: 18px; - font-weight: normal; + color: #777; + font-size: 14px; + height: 18px; + font-weight: normal; } -.mail-infoblock td:first-child{ - padding-right: 15px; +.mail-infoblock td:first-child { + padding-right: 15px; } .mail-infoblock div { - width: 190px; - white-space: nowrap; + width: 190px; + white-space: nowrap; } .mail-infoblock a { - color: #2c9491; + color: #27c24c; } .mail-infoblock a:hover { - color: #ff6701; + color: #9c8cff; } .additional-info { @@ -2904,489 +2725,1540 @@ a.button.cancel { padding-left: 20px; } +:focus { + outline: none; +} - -:focus {outline:none;} -::-moz-focus-inner {border:0;} +::-moz-focus-inner { + border: 0; +} .login { - background-color: #fff; - box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3); - font-family: Arial,Helvetica,sans-serif; - margin: 0; - padding: 0; - text-align: left; - vertical-align: top; - width: 550px; + background-color: #fff; + box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3); + font-family: Arial, Helvetica, sans-serif; + margin: 0; + padding: 0; + text-align: left; + vertical-align: top; + width: 500px; +} +.login a.error { + color: #BE5ABF; } -.login a.error { - color: #BE5ABF; -} .vestacp { - color: #505050; - font-size: 10px; - text-align: right; + color: #505050; + font-size: 10px; + text-align: right; } .vestacp:hover { - color: #2c9491; + color: #27c24c; } .vestacp:active { - color: #ff6701; + color: #9c8cff; } + .login-bottom { - height: 50px; - margin: 0; - padding: 0 26px 0 0; - text-align: right; - vertical-align: top; - width: 520px; + height: 50px; + margin: 0; + padding: 0 26px 0 0; + text-align: right; + vertical-align: top; + width: 474px; } .l-unit.selected { - background-color: #feef9a; - color: #555; - border-bottom: 1px solid #c0b990; + background-color: #feef9a; + color: #555; + border-bottom: 1px solid #c0b990; } - -.l-unit.selected b, -.l-unit.selected strong { - color: #555; +.l-unit.selected b, .l-unit.selected strong { + color: #555; } - /* MAIN MENU COLLAPSED */ .collapsed .l-stat { - padding-top: 20px; + padding-top: 20px; } - .collapsed .l-stat__col a { - height: 0; - min-height: 0; - overflow: hidden; + height: 0; + min-height: 0; + overflow: hidden; } - .collapsed .l-stat__col-title { - padding-top: 2px; + padding-top: 2px; } div.l-content.collapsed > div.l-separator:nth-of-type(2) { - margin-top: 93px; - position: fixed; + margin-top: 93px; + position: fixed; } - div.l-content.collapsed > div.l-separator:nth-of-type(4) { - margin-top: 138px; - position: fixed; + margin-top: 138px; + position: fixed; } - div.l-content.collapsed .l-sort { - margin-top: 94px; + margin-top: 94px; } .l-content > .units.l-center::before { - content: ''; - display: block; - height: 260px; + content: ""; + display: block; + height: 260px; } form#vstobjects { - padding-top: 280px; + padding-top: 280px; } - form#vstobjects.suspended { - background-color: #EAEAEA; - padding-bottom: 30px; + background-color: #EAEAEA; + padding-bottom: 30px; } #add-icon { - width: 45px; - height: 45px; - background-image: url("/images/sprite.png?1446554103"); - background-position: -378px -107px; - background-repeat: no-repeat; - display: inline-block; - z-index: 3; + width: 45px; + height: 45px; + background-image: url("/images/sprite.png?1446554104"); + background-position: -378px -107px; + background-repeat: no-repeat; + display: inline-block; + z-index: 3; } + .l-sort__create-btn.restore #add-icon { - background-position: -378px -250px; + background-position: -378px -250px; } .l-sort__create-btn.edit #add-icon { - background-position: -378px -154px; + background-position: -378px -154px; } + #tooltip { - background-color: #aacc0d; - border-radius: 15px; - bottom: 6px; - color: #fff; - font-size: 12px; - font-weight: bold; - height: 26px; - left: 12px; - letter-spacing: 0; - line-height: 25px; - margin-left: 12px; - margin-top: 7px; - padding: 3px 14px 3px 27px; - position: absolute; - text-transform: uppercase; - white-space: nowrap; - word-break: keep-all; - z-index: -1; + background-color: #aacc0d; + border-radius: 15px; + bottom: 6px; + color: #fff; + font-size: 12px; + font-weight: bold; + height: 26px; + left: 12px; + letter-spacing: 0; + line-height: 25px; + margin-left: 12px; + margin-top: 7px; + padding: 3px 14px 3px 27px; + position: absolute; + text-transform: uppercase; + white-space: nowrap; + word-break: keep-all; + z-index: -1; } .l-sort__create-btn:active #add-icon { - background-position: -425px -107px; + background-position: -425px -107px; } .l-sort__create-btn.restore:active #add-icon { - background-position: -425px -250px !important; + background-position: -425px -250px !important; } - .l-sort__create-btn.edit:active #add-icon { - background-position: -425px -154px !important; + background-position: -425px -154px !important; } - .l-sort__create-btn.edit:hover #tooltip { - background-color: #55C9C0; + background-color: #23b7e5; } .l-sort__create-btn.edit:active #tooltip { - background-color: #3BF0E6 !important; + background-color: #3BF0E6 !important; } - - - - .l-sort__create-btn:active #tooltip { - background-color: #D9F210; + background-color: #D9F210; } .noselect { - -webkit-touch-callout: none; - -webkit-user-select: none; - -khtml-user-select: none; - -moz-user-select: none; - -ms-user-select: none; - user-select: none; + -webkit-touch-callout: none; + -webkit-user-select: none; + -khtml-user-select: none; + -moz-user-select: none; + -ms-user-select: none; + user-select: none; } .search-input { - background-color: #fff; - border: 1px solid #ddd; - height: 21px; - line-height: 28px; - padding-left: 7px; - float: left; - width: 74px; -/* visibility: hidden;*/ - -webkit-transition: width .2s ease-out; - -moz-transition: width .2s ease-out; - -o-transition: width .2s ease-out; - transition: width .2s ease-out; -} -.lang-ru .search-input.activated{ - width: 70px; -} -.search-input.activated{ - width: 130px; - visibility: visible; -} -.search-input:focus { -// background-color: #e8fcff; -// border-color: #75c9c2; -// color: #333; + background-color: #fff; + border: 1px solid #ddd; + height: 21px; + line-height: 28px; + padding-left: 7px; + float: left; + width: 74px; + /* visibility: hidden;*/ + -webkit-transition: width 0.2s ease-out; + -moz-transition: width 0.2s ease-out; + -o-transition: width 0.2s ease-out; + transition: width 0.2s ease-out; } +.lang-ru .search-input.activated { + width: 70px; +} + +.search-input.activated { + width: 130px; + visibility: visible; +} .float-left { - float: left; + float: left; } + .float-right { - float: right; + float: right; } + .display-inline-block { - display: inline-block; + display: inline-block; } + .width-100p { - width: 100%; + width: 100%; } .l-sort-toolbar table td { - float: left; + float: left; } + .l-sort-toolbar__search-box { - float: right !important; - padding-top: 3px; - padding-right: 0 !important; + float: right !important; + padding-top: 3px; + padding-right: 0 !important; } + .ui-dialog .ui-dialog-buttonpane button:nth-of-type(2) { - -background-color: #dfdedd; + -background-color: #dde6e9; } .shortcuts { - background: rgba(50, 50, 50, 0.9); - display: inline-block; - position: fixed; - left: 50%; - bottom: 0; - color: #eee; - width: 800px; - border: 1px solid #333; - font-size: 13px; - z-index: 120; - transform: translate(-50%, 0); + background: rgba(50, 50, 50, 0.9); + display: inline-block; + position: fixed; + left: 50%; + bottom: 0; + color: #eee; + width: 800px; + border: 1px solid #333; + font-size: 13px; + z-index: 120; + transform: translate(-50%, 0); } .shortcuts .header { - border-bottom: 1px solid #333; - height: 43px; + border-bottom: 1px solid #333; + height: 43px; } .shortcuts .title { - text-transform: uppercase; - color: #ffcc00; - padding: 7px 0 7px 14px; - display: inline-block; - float: left; - font-size: 11px; - letter-spacing: 3px; + text-transform: uppercase; + color: #ffcc00; + padding: 7px 0 7px 14px; + display: inline-block; + float: left; + font-size: 11px; + letter-spacing: 3px; } .shortcuts .close { - background: url("/images/sprite.png?1446554103") repeat scroll -408px -469px; - cursor: pointer; - display: inline-block; - float: right; - height: 32px; - padding-top: 11px; - width: 46px; + background: url("/images/sprite.png?1446554104") repeat scroll -408px -469px; + cursor: pointer; + display: inline-block; + float: right; + height: 32px; + padding-top: 11px; + width: 46px; } .shortcuts .close:hover { - background-color: #000; + background-color: #000; } .shortcuts .close:active { - background-color: #55c9c0; + background-color: #23b7e5; } .shortcuts ul { - list-style-type: none; - padding: 30px 20px; - display: inline-block; - float: left; - width: 360px; + list-style-type: none; + padding: 30px 20px; + display: inline-block; + float: left; + width: 360px; } .shortcuts ul li { - padding: 5px 20px; + padding: 5px 20px; } .shortcuts ul li.step-top { - padding-top: 30px; + padding-top: 30px; } .shortcuts ul li span { - color: #48F4EF; - display: inline-block; - font-weight: bold; - padding: 0 20px 0 0; - text-align: right; -/* width: 140px;*/ + color: #48F4EF; + display: inline-block; + font-weight: bold; + padding: 0 20px 0 0; + text-align: right; + /* width: 140px;*/ } .shortcuts ul li span.bigger { - font-size: 18px; + font-size: 18px; } .description { - font-weight: normal; - line-height: 25px; - padding-bottom: 45px; - margin-left: 50px; + font-weight: normal; + line-height: 25px; + padding-bottom: 45px; + margin-left: 50px; } -.description ul{ - margin-top: 15px; - list-style: none; - padding-left: 0; +.description ul { + margin-top: 15px; + list-style: none; + padding-left: 0; } - -.description li{ - margin: 10px 0; +.description li { + margin: 10px 0; } - .description a { - line-height: 30px; - text-decoration: underline; - color: #2c9491; + line-height: 30px; + text-decoration: underline; + color: #27c24c; } .description a.purchase { - color: #FFF; - background-color: #9fbf0c; - border: none; - border-radius: 3px; - font-size: 13px; - font-weight: bold; - padding: 7px 15px;; - text-transform: capitalize; - text-decoration: none; + color: #FFF; + background-color: #27c24c; + border: none; + border-radius: 3px; + font-size: 13px; + font-weight: bold; + padding: 7px 15px; + text-transform: capitalize; + text-decoration: none; } .description a.purchase:hover { - background-color: #c0e60f; - color: #555; + background-color: #32f360; + color: #555; } .description a.purchase:active { - background-color: #D9F210; - color: #555; + background-color: #D9F210; + color: #555; } - .description a.cancel { - background-color: #999; - border: none; - border-radius: 3px; - color: #fff; - font-size: 13px; - font-weight: bold; - padding: 7px 15px; - text-transform: capitalize; - text-decoration: none; + background-color: #999; + border: none; + border-radius: 3px; + color: #fff; + font-size: 13px; + font-weight: bold; + padding: 7px 15px; + text-transform: capitalize; + text-decoration: none; } .description a.cancel:hover { - background-color: #2c9491; + background-color: #27c24c; } .description a.cancel:active { - background-color: #5f9491; + background-color: #5f9491; } - .description.cancel-success { - color: #8fac0a; - font-weight: bold; + color: #8fac0a; + font-weight: bold; } - .description .licence { - padding: 20px 0; - color: #2c9491; + padding: 20px 0; + color: #27c24c; } - .description .licence input { - margin-left: 17px; - width: 137px; + margin-left: 17px; + width: 137px; } - .description span { - font-style: italic; - line-height: 45px; - padding-top: 20px; + font-style: italic; + line-height: 45px; + padding-top: 20px; } - .description .twoco { - font-style: italic; - line-height: 15px; - font-size: 12px; + font-style: italic; + line-height: 15px; + font-size: 12px; } .ui-dialog .ui-dialog-content { - padding: 10px 26px 30px !important; + padding: 10px 26px 30px !important; } .helper-container { - float: right; - height: 293px; - margin-bottom: -450px; - margin-top: 459px; - padding-top: 3px; - width: 563px; + float: right; + height: 293px; + margin-bottom: -450px; + margin-top: 459px; + padding-top: 3px; + width: 563px; } .context-helper { - text-transform: uppercase; -# text-decoration: underline; - color: #777; - font-size: 11px; - cursor: pointer; - font-weight: bold; - float: right; + text-transform: uppercase; + color: #777; + font-size: 11px; + cursor: pointer; + font-weight: bold; + float: right; } .context-helper:hover { - color: #55C9C0; + color: #23b7e5; } .context-helper:active { - color: #ff6701; + color: #9c8cff; } - .cron-helper-tabs { -/* margin-top: 30px;*/ - border: 1px solid #d9d9d9 !important; + /* margin-top: 30px;*/ + border: 1px solid #d9d9d9 !important; } - .cron-helper-tabs a { - color: #777; - font-size: 11px; - font-weight: bold; - line-height: 30px; - padding: 0 12px; - text-transform: uppercase; + color: #777; + font-size: 11px; + font-weight: bold; + line-height: 30px; + padding: 0 12px; + text-transform: uppercase; } - .cron-helper-tabs a:hover { - color: #ff6701; + color: #9c8cff; } .cron-helper-tabs a:active { - color: #55C9C0; + color: #23b7e5; } .cron-helper-tabs .ui-tabs-selected a { - color: #ff6701; + color: #9c8cff; } - .cron-helper-tabs select { - font-size: 15px !important; + font-size: 15px !important; } .cron-helper-tabs select.short { - background-position: -388px -604px; - min-width: 30px; - width: 70px; + background-position: -388px -604px; + min-width: 30px; + width: 70px; } - .cron-helper-tabs p { - color: #777; - font-size: 12px; + color: #777; + font-size: 12px; } -.cron-helper-tabs p span{ - padding-right: 15px; - padding-left: 25px; +.cron-helper-tabs p span { + padding-right: 15px; + padding-left: 25px; } -.cron-helper-tabs p span.first{ - display: inline-block; - padding-right: 15px; - width: 100px; - padding-left: 0; +.cron-helper-tabs p span.first { + display: inline-block; + padding-right: 15px; + width: 100px; + padding-left: 0; } - .cron-helper-tabs .button { - width: auto; - background-color: #55C9C0; - border: 1px solid #55C9C0; - text-transform: capitalize; + width: auto; + background-color: #23b7e5; + border: 1px solid #23b7e5; + text-transform: capitalize; } .cron-helper-tabs .button:hover { - background-color: #5BD8CF; - border: 1px solid #5BD8CF; + background-color: #00d8ff; + border: 1px solid #00d8ff; } .cron-helper-tabs .button:active { - background-color: #4FBCB4; - border: 1px solid #4FBCB4; + background-color: #49c8ef; + border: 1px solid #49c8ef; } .context-helper-close { - background: rgba(0, 0, 0, 0) url("/images/sprite.png?1446554103") repeat scroll -408px -469px; - cursor: pointer; - display: inline-block; - float: right; - height: 32px; - padding-top: 11px; - width: 46px; - filter: contrast(50%); + background: rgba(0, 0, 0, 0) url("/images/sprite.png?1446554104") repeat scroll -408px -469px; + cursor: pointer; + display: inline-block; + float: right; + height: 32px; + padding-top: 11px; + width: 46px; + filter: contrast(50%); } .context-helper-close:hover { - background-color: #aaa; - filter: none; + background-color: #aaa; + filter: none; } .context-helper-close:active { - background-color: #999; - filter: none; + background-color: #999; + filter: none; } @media screen and (max-width: 950px) { - .helper-container { - display: none; - } + .helper-container { + display: none; + } +} + + +/* ------ fixes ------ */ + +body { + background: #f0f3f5; + color: #58666f; + font-family: 'Source Sans Pro', sans-serif; +} +b, strong { + color: #58666f; +} +.l-percent { + border-bottom: none; + margin-top: 1px; + width: 200px; + background: #e4eaed; +} +.l-percent__fill { + background-color: #2ac34e; + bottom: 0; +} +.to-top { + z-index: 100; + top: unset; + bottom: 30px; + right: 285px; +} +.to-shortcuts { + z-index: 100; + top: unset; + bottom: 30px; + right: 330px; +} +.shortcuts { + right: calc(50% - 400px); + bottom: calc(50% - 213px); +} +.l-separator { + display: none; +} +.l-header { + position: fixed; + width: calc(100% - 40px); + z-index: 99; + background: #fff; + box-shadow: 0 2px 2px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(0, 0, 0, 0.05); + color: #58666f; + height: 50px; + padding: 0 20px; + margin-bottom: unset; +} +.l-header a { + color: #58666f; + font-size: 14px; +} +.l-header a:hover { + color: #58666f; +} +.l-header .l-center { + max-width: none !important; +} +.l-header .l-center .l-logo { + background-position: -65px -182px; + /* background-position: -125px -478px; */ + background-repeat: no-repeat; + display: block; + height: 40px; + margin-top: 0; + width: 80px; + /* width: 42px; */ + margin-left: 0; + background-size: 235px 325px; + position: relative; + top: 5px; + left: 0; + float: left; + padding-right: 20px; +} +.l-header .l-center .l-menu { + position: unset; + margin-left: unset; +} +.l-header .l-center .l-menu .l-menu__item a { + line-height: 50px; + padding: 0 18px; + display: inline-block; +} +.l-header .l-center .l-menu .l-menu__item a:hover { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-menu .l-menu__item a:active { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-menu .l-menu__item.l-menu__item--active a { + color: unset; + font-size: unset; + font-weight: unset; + text-transform: unset; + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-profile .l-profile__notifications { + margin-top: 13px; +} +.l-header .l-center .l-profile .l-profile__notifications:hover { + background-color: rgba(0, 0, 0, 0.05); +} +.l-header .l-center .l-profile .l-profile__username { + padding: 15px 0 0 10px; +} +.l-header .l-center .l-profile .l-profile__logout { + padding: 15px 0 0 10px; +} +.l-header > .l-center { + margin-left: 200px; +} +.l-content { + position: relative; + top: 50px; +} +.l-content + div { + right: 100px !important; + top: unset !important; + bottom: 40px !important; +} +.l-content + div div { + background-color: #e4eaed !important; + padding: 10px; + border-radius: 5px; +} +.l-content .l-center { + max-width: none !important; +} +.l-content .l-center .l-stat { + display: block; + position: fixed; + z-index: 100; + padding-top: 0 !important; + width: 200px; + height: 100%; + top: 0; + margin-top: 0; + background: #1c2b35; + overflow-y: scroll; + scrollbar-width: thin; + /* Firefox */ + -ms-overflow-style: scrollbar; + /* Internet Explorer 10+ */ + /* width */ +} +.l-content .l-center .l-stat::-webkit-scrollbar { + display: block; + width: 7px; + /* Track */ +} +.l-content .l-center .l-stat::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .l-center .l-stat::-webkit-scrollbar-thumb { + background: rgba(255, 255, 255, 0.15); +} +.l-content .l-center .l-stat:hover { + /* Handle on hover */ +} +.l-content .l-center .l-stat:hover::-webkit-scrollbar-thumb { + background: rgba(255, 255, 255, 0.4); +} +.l-content .l-center .l-stat .l-stat__col--active ul { + display: block !important; +} +.l-content .l-center .l-stat .l-stat__col--active { + background: #131e27; +} +.l-content .l-center .l-stat .l-stat__col--active a { + border-bottom: 2px solid #131e27; +} +.l-content .l-center .l-stat .l-stat__col--active a .l-stat__col-title { + background: #16232d; + color: white !important; + font-size: 20px; + font-weight: 400; + margin-top: unset; + letter-spacing: unset; + margin-right: unset; +} +.l-content .l-center .l-stat .l-stat__col--active span { + display: none; +} +.l-content .l-center .l-stat .focus { + background: #5e5e5e; +} +.l-content .l-center .l-stat .focus a { + border-bottom: 2px solid #131e27; +} +.l-content .l-center .l-stat .focus a ul li { + color: #c2e5ff !important; +} +.l-content .l-center .l-stat .focus a .l-stat__col-title { + background: #5e5e5e; + color: #c4d0d8; + font-size: 20px; + font-weight: 400; + margin-top: unset; + letter-spacing: unset; + margin-right: unset; +} +.l-content .l-center .l-stat .l-stat__col { + display: block; + float: unset; +} +.l-content .l-center .l-stat .l-stat__col:hover .l-stat__col-title { + color: #fff; +} +.l-content .l-center .l-stat .l-stat__col:hover .l-stat__col-title:after { + color: #fff; +} +.l-content .l-center .l-stat .l-stat__col a { + height: unset !important; + min-height: unset !important; + display: block; + width: unset; + border-bottom: 2px solid #131e27; + background-color: transparent; + padding-left: unset; + padding-bottom: 10px; + padding-top: unset; + margin-top: unset; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title { + min-height: unset !important; + color: #869fb2; + font-size: 20px; + font-weight: 400; + padding: 15px 15px 15px 20px; + margin-bottom: 0; + margin-top: 0 !important; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title:after { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f054"; + float: right; + font-size: 10px; + color: #5c798f; + margin-top: 8px; + margin-right: 26px; +} +.l-content .l-center .l-stat .l-stat__col a .l-stat__col-title:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f233"; + padding-right: 10px; + font-size: 17px; +} + +.l-content .l-center .l-stat .l-stat__col--active a .l-stat__col-title:after { + margin-right: 26px; +} + +.l-content .l-center .l-stat .l-stat__col a ul { + margin: 0; + display: none; +} +.l-content .l-center .l-stat .l-stat__col a ul li { + color: #92adc2; + margin-bottom: unset; + padding: 10px 20px 10px 20px; + font-size: 14px; +} +.l-content .l-center .l-stat .l-stat__col a ul li span { + float: right; + padding: 3px 5px 4px 5px; + font-size: 13px; + color: #fff; + background-color: #27c54e; + font-weight: 700; + text-shadow: 0 1px 0 rgba(0, 0, 0, 0.2); + display: inline-block; + min-width: 10px; + line-height: 1; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: 0.25em; + left: 133px; +} +.l-content .l-center .l-stat .l-stat__col a ul li:first-child span { + float: right; + padding: 3px 5px 4px 5px; + font-size: 13px; + color: #fff; + background-color: #34b5dd; + font-weight: 700; + text-shadow: 0 1px 0 rgba(0, 0, 0, 0.2); + display: inline-block; + min-width: 10px; + line-height: 1; + text-align: center; + white-space: nowrap; + vertical-align: baseline; + border-radius: 10px; +} +.l-content .l-center .l-stat .l-stat__col a ul li:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + content: "\f03a"; + padding-right: 15px; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a .l-stat__col-title:before { + content: "\f500"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(1):before { + content: "\f0a0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(2):before { + content: "\f75b"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(1) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a .l-stat__col-title:before { + content: "\f233"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(2):before { + content: "\f0c5"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(2) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a .l-stat__col-title:before { + content: "\f6ff"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(2):before { + content: "\f303"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(3) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a .l-stat__col-title:before { + content: "\f674"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(1):before { + content: "\f0ac"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(2):before { + content: "\f2bb"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(4) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a .l-stat__col-title:before { + content: "\f1c0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(1):before { + content: "\f1c0"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(5) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a .l-stat__col-title:before { + content: "\f120"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(1):before { + content: "\f120"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(6) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a .l-stat__col-title:before { + content: "\f019"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(1):before { + content: "\f019"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(2):before { + content: "\f05e"; +} +.l-content .l-center .l-stat .l-stat__col:nth-of-type(7) a ul li:nth-of-type(3):before { + content: "\f05e"; +} +.l-content .l-center .l-sort { + padding: 0 20px; + position: relative; + z-index: 98; + width: auto; + margin-top: unset !important; + background-color: #f6f8f8; + border-bottom: 1px solid #dee5e8; + margin-bottom: 30px; +} +.l-content .l-center .l-sort .l-sort__create-btn { + bottom: -20px; +} +.l-content .l-center .l-sort .context-menu { + top: 77px; +} +.l-content .l-center .l-sort .l-sort-toolbar { + padding: 24px 0 22px 0; + color: #98a6ac; +} +.l-content .l-center .l-sort .l-sort-toolbar .l-select { + border-radius: 3px 0 0 3px; + background: #fff; + border: 1px solid #dee5e8; +} +.l-content .l-center .l-sort .l-sort-toolbar .l-sort-toolbar__filter-apply { + border-radius: 0 3px 3px 0; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .l-sort-toolbar__search-box form .search-input { + border-radius: 3px 0 0 3px; + border: 1px solid #dee5e8; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .l-sort-toolbar__search-box form .l-sort-toolbar__search { + border-radius: 0 3px 3px 0; +} +.l-content .l-center .l-sort .l-sort-toolbar table tbody tr .sort-by { + padding-left: 30px; +} +.l-content .l-center .l-unit { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0px 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; +} +.l-content .l-center .l-unit.selected { + background-color: #e4eaed; +} +.l-content .l-center .l-unit--suspended { + background-color: #eaeaea !important; +} +.l-content .l-center .l-unit.selected .l-percent { + border-bottom: none; + margin-top: 1px; + width: 200px; + background: #cbd3d7; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right { + position: relative; + top: 20px; + right: 20px; + display: block; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right .actions-panel__col { + margin-left: 10px; + border-radius: 3px; + overflow: hidden; + border-right: none; + background-color: #dde6e8; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col.l-unit-toolbar__col--right .actions-panel__col a { + font-weight: 500; +} +.l-content .l-center .l-unit .l-unit-toolbar .l-unit-toolbar__col .check-label:before { + z-index: 97; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__name { + color: #34b5dd; + font-weight: 500; + font-size: 24px; + margin-bottom: unset; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__ip { + font-size: 18px; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__date { + letter-spacing: unset; + display: inline-block; + border-bottom: solid 10px #ffeb0087; + line-height: 3px; + padding: 0 0px; + margin-bottom: 30px; + font-weight: 400; + font-size: 16px; +} +.l-content .l-center .l-unit .l-unit__col .l-unit__stats td { + height: 27px; +} +.l-content .l-center .io-box { + overflow: hidden; + margin: 20px 20px 0px 20px; + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left { + float: left; + width: calc(100% - 800px); + /*min-width: 283px;*/ + text-align: center; +} +.l-content .l-center .io-box .io-box-left .io-box-left-items { + float: left; + width: calc(50% - 20px); + height: 137px; + margin-right: 20px; + margin-bottom: 20px; + background: #fff; + border-radius: 3px; + min-width: 125px; +} +.l-content .l-center .io-box .io-box-left .io-box-left-items a { + display: block; + font-size: 36px; + font-weight: 300; + margin-top: 32px; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block { + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block a { + color: #34b5dd; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block { + color: #b4efc2; + background-color: #27c54e; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block a { + color: #ecfff1; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block { + color: #b0e1f1; + background-color: #34b5dd; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block a { + color: #dcf2f8; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block { + color: #98a6ac; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block a { + color: #58666f; +} +.l-content .l-center .io-box .io-box-left .io-1-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-2-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-3-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-4-homepage-block span { + padding: 5px; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block span { + padding: 5px; +} + +.l-content .l-center .io-box .io-box-left .io-5-homepage-block { + width: calc(100% - 20px); + color: #98a6ac; + background: #e4eaed; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block a { + color: #27c54e; +} +.l-content .l-center .io-box .io-box-left .io-5-homepage-block:before { + font-family: 'Font Awesome 5 Free'; + font-weight: bold; + font-size: 32px; + background: #dde6e8; + height: 121px; + width: 115px; + line-height: 90px; + content: "\f581"; + color: #fff; + float: left; + border-radius: 5px 0 0 5px; + padding-top: 16px; +} +.l-content .l-center .io-box .io-box-right { + float: right; + width: 800px; + background: #fff; + height: 450px; + overflow: hidden; + border-radius: 3px; + text-align: center; +} +.l-content .l-center .io-box .io-box-right img { + margin-top: 8px; + width: 767px; + height: 433px; + position: relative; +} +.l-content .l-center .l-unit-ft { + padding: 0 0 37px 15px; + overflow: hidden; + margin: 0px 20px 19px 20px; + background: #e4eaed; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + position: relative; + color: #a6b0b4; + font-weight: bold; + text-transform: uppercase; + font-size: 11px; +} +.l-content .l-center .l-unit-ft:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + font-size: 32px; + background: #dde6e8; + height: 100%; + width: 90px; + line-height: 108px; + content: "\f05a"; + color: #fff; + float: left; + border-radius: 5px 0 0 5px; + position: absolute; + left: 0; + text-align: center; +} +.l-content .l-center .l-unit-ft .data { + margin: 0 0 50px 0; +} +.l-content .l-center #vstobjects { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0px 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; +} +.l-content .l-center #vstobjects .data-date { + color: #98A6AC; + letter-spacing: unset; + display: inline-block; + border-bottom: solid 10px #ffeb0087; + line-height: 3px; + padding: 0 0px; + margin-bottom: 30px; + font-weight: 400; + font-size: 16px; +} +.l-content .l-center .vst-text.step-top.helper-container { + margin-bottom: unset; + margin-top: 0; + float: unset; + height: auto; + width: auto; +} +.l-content .l-center .vst-text.step-top.helper-container #tabs.cron-helper-tabs { + padding: 0 0 0 15px; + overflow: hidden; + margin: 0 20px 20px 20px; + background: #fff; + border-radius: 3px; + border-bottom: none !important; + border-left: none !important; + color: #98a6ac; + font-size: 14px; + border: none !important; +} +.l-content > .units.l-center::before { + content: ''; + display: block; + height: 0; +} +.l-content > .l-center { + margin-left: 200px; + margin-right: 240px; +} +.l-content > .l-center:first-child { + margin-left: 0; +} +.l-content #vstobjects > .l-center { + margin-left: 200px; + margin-right: 240px; + padding-top: 0; + padding-bottom: 1px; +} + +.l-content .right_sidebar { + width: 240px; + position: fixed; + display: block; + z-index: 98; + top: 50px; + right: 0px; + box-sizing: border-box; + height: 100%; + background: #fff; + border-left: 1px solid #dee5e8; +} +.l-content .io-log { + color: #58666f; + border-left: 1px solid #dee5e8; + width: 240px; + position: relative; + display: block; + /*overflow-scrolling: auto;*/ + z-index: 99; + top: 0px; + right: 0px; + background: #fff; + word-break: break-word; + overflow: hidden; + border-right: 8px solid #e3e3e3; + box-sizing: border-box; +} +.l-content .io-log::-webkit-scrollbar { + width: 7px; + /* Track */ +} +.l-content .io-log::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .io-log::-webkit-scrollbar-thumb { + background: rgba(0, 0, 0, 0.15); + border-radius: 7px; + /* Handle on hover */ +} +.l-content .io-log::-webkit-scrollbar-thumb:hover { + background: rgba(0, 0, 0, 0.4); + border-radius: 7px; +} +.l-content .io-log > * { + margin: 0 20px; +} +.l-content .io-log h2 { + margin: 0 0 20px 0; + padding-left: 20px; + font-size: 24px; + font-weight: 300; + line-height: 60px; + color: #98a6ac; + border-bottom: 1px solid #dee5e8; + cursor: pointer; +} +.l-content .io-log h2:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + content: "\f15c"; + padding-right: 10px; + font-size: 17px; +} +.l-content .io-log > div { + /* border-left: solid 1px #dee5e8; */ + padding-left: 15px; + position: relative; + margin-left: 25px; +} +.l-content .io-log > div > div { + position: relative; + margin-bottom: 25px; +} +.l-content .io-log > div > div > div:nth-of-type(2) { + color: #98a6ac; + font-size: 13px; + margin-bottom: 5px; +} +.l-content .io-log > div > div > div:nth-of-type(3) { + color: #98a6ac; + font-size: 13px; + margin-bottom: 5px; +} +.l-content .io-log > div > div:before { + content: ''; + position: absolute; + height: 100%; + width: 7px; + border-radius: 10px; + border: solid 1px #dee5e8; + background: #e0fff9; + left: -20px; +} +.l-content .io-log > div > div:first-child(1n):before { + background: #e0fff9; +} +.l-content .io-log > div > div:nth-child(2n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(3n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(4n):before { + background: #fbffe0; +} +.l-content .io-log > div > div:nth-child(5n):before { + background: #fbffe0; +} + +.l-content .io-log2 { + color: #58666f; + border-left: 1px solid #dee5e8; + border-top: 1px solid #cecece; + width: 240px; + position: relative; + height: 100%; + display: block; + /*overflow-scrolling: auto;*/ + z-index: 99; + top: 0px; + right: 0px; + background: #fff; + word-break: break-word; + overflow-y: scroll; + scrollbar-width: thin; + box-sizing: border-box; +} +.l-content .io-log2::-webkit-scrollbar { + width: 7px; + /* Track */ +} +.l-content .io-log2::-webkit-scrollbar-track { + background: rgba(255, 255, 255, 0); + /* Handle */ +} +.l-content .io-log2::-webkit-scrollbar-thumb { + background: rgba(0, 0, 0, 0.15); + border-radius: 7px; + /* Handle on hover */ +} +.l-content .io-log2::-webkit-scrollbar-thumb:hover { + background: rgba(0, 0, 0, 0.4); + border-radius: 7px; +} +.l-content .io-log2 > * { + margin: 0 20px; +} +.l-content .io-log2 h2 { + margin: 0 0 20px 0; + padding-left: 20px; + font-size: 24px; + font-weight: 300; + line-height: 60px; + color: #98a6ac; + border-bottom: 1px solid #dee5e8; + cursor: pointer; +} +.l-content .io-log2 h2:before { + font-family: "Font Awesome 5 Free"; + font-weight: bold; + content: "\f15c"; + padding-right: 10px; + font-size: 17px; +} +.l-content .io-log2 > div { + border-left: solid 1px #dee5e8; + padding-left: 15px; + position: relative; + margin-left: 25px; +} +.l-content .io-log2 > div > div { + position: relative; + margin-bottom: 25px; +} +.l-content .io-log2 > div > div > div:nth-of-type(2) { + color: #98a6ac; + font-size: 12px; + margin-bottom: 5px; +} +.l-content .io-log2 > div > div:before { + content: ''; + position: absolute; + height: 100%; + width: 7px; + border-radius: 10px; + border: solid 1px #dee5e8; + background: #fff; + left: -20px; +} +.l-content .io-log2 > div > div:nth-child(2n):before { + border: solid 1px #27c54e; +} +.l-content .io-log2 > div > div:nth-child(3n):before { + border: solid 1px #27bbc5; +} +.l-content .io-log2 > div > div:nth-child(4n):before { + border: solid 1px #275bc5; +} +.l-content .io-log2 > div > div:nth-child(5n):before { + border: solid 1px #ffcc00; +} + + +#tooltip { + background-color: #3AB5DD; +} +#tooltip:hover { + background-color: #1ca2cc; +} + +.l-sort__create-btn.edit:hover #tooltip { + background-color: #49c8ef; +} +.l-sort__create-btn.edit:active #tooltip { + background-color: #00d8ff !important; +} +.l-sort__create-btn:active #tooltip { + background-color: #00d8ff; +} +.body-login, .body-reset { + background-color: #f0f3f5; +} +.body-login .login, .body-reset .login { + font-family: Arial, Helvetica, sans-serif; + border: 1px solid #e7ecee; + border-radius: 10px; + overflow: hidden; + position: relative; + padding: 35px 35px 10px 35px; + display: block; + width: 420px; + box-shadow: 0 2px 2px rgba(0, 0, 0, 0.05), 0 1px 0 rgba(0, 0, 0, 0.05); +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1), .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) { + position: absolute; + text-align: center; + width: calc(100% - 46px); +} +/* +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a { + background-image: url(/images/sprite.png?1446554103); + background-position: -65px -182px; + background-repeat: no-repeat; + display: inline-block; + height: 40px; + margin-top: 0; + width: 80px; + margin-left: 0; + background-size: 235px 325px; + position: relative; +} +*/ +/* +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a img, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(1) a img { + display: none; +} +*/ +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2), .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) { + position: relative; + padding: 65px 0 0 0 !important; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .vst-input, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .vst-input { + padding: 5px 10px; + margin: 0; + width: 320px !important; + margin-top: 7px; + border-radius: 3px; + border: solid 1px #d3d9e2; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button, .body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:hover, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:hover, .body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:active, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(1) > td:nth-of-type(2) .button:active { + width: 100% !important; + border: 1px solid #27c54e; + background-color: #27c54e; + color: #f4f3f9; + margin-bottom: 20px; +} +.body-login .login > tbody > tr > td > table > tbody > tr:nth-of-type(2) .login-bottom, .body-reset .login > tbody > tr > td > table > tbody > tr:nth-of-type(2) .login-bottom { + width: auto; + text-align: center; + padding-bottom: unset; + padding: 0; +} +.body-login .login-box .vst-advanced, .body-reset .login-box .vst-advanced { + color: #34b5dd; +} +.body-web-log .l-header > .l-center { + margin-left: 0; +} +.l-stat__col span { + padding: 4px 0; + font-size: 15px; + position: fixed; + display: inline-block; + left: 159px; +} +.l-sort__create-btn2 { + background-image: url("/images/sprite.png?1446554103"); + background-position: -331px -107px; + background-repeat: no-repeat; + display: inline-block; + height: 45px; + width: 45px; +} +/* +.ui-resizable-handle { + background-color: #333 !important; +} +*/ +/* +div.ui-dialog div { + background-color: #333 !important; +} +*/ +div.ui-dialog > div { + background-color: #333 !important; +} +div.ui-dialog > div div { + background-color: #333 !important; +} +/* +div.ui-dialog > div > div { + background-color: #333 !important; +} +div.ui-dialog + div { + background-color: #333 !important; +} +div.ui-dialog + div div{ + background-color: #333 !important; +} +*/ +/* +.ui-dialog-titlebar { + background-color: #333 !important; +} +.ui-dialog-buttonpane { + background-color: #333 !important; +} +*/ + +.backup-items { + background-color: #f8f8f8; + margin: 10px 33px; + border-radius: 10px; +} + +.upper_button { + background-color: #3AB5DD; + color: #fff !important; + padding: 5px 10px !important; + border-radius: 13px; +} + +.get-ip-info-btn { + cursor: pointer; + margin-left: 10px; +} +.get-ip-info-btn:hover { + color: #000000; +} +.get-ip-info-btn + .get-ip-info-result { + margin: 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl dt { + font-weight: bold; +} +.get-ip-info-btn + .get-ip-info-result dl dd { + margin: 0 0 10px 0; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-triangle { + color: red; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-check-circle { + color: green; +} +.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-circle { + color: orange; } diff --git a/web/edit/server/index.php b/web/edit/server/index.php index 49c577d8..eed4baab 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,7 +339,8 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); + $v_backup_port = escapeshellarg($_POST['v_backup_port']); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -347,12 +348,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; + if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } - // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { diff --git a/web/images/myvesta-large-white-130.png b/web/images/myvesta-large-white-130.png new file mode 100644 index 00000000..2007b0bc Binary files /dev/null and b/web/images/myvesta-large-white-130.png differ diff --git a/web/images/sprite.png b/web/images/sprite.png index 456ab6f8..c0ac73f3 100644 Binary files a/web/images/sprite.png and b/web/images/sprite.png differ diff --git a/web/images/vesta_logo.png b/web/images/vesta_logo.png index f7c03aab..7a2bd53a 100644 Binary files a/web/images/vesta_logo.png and b/web/images/vesta_logo.png differ diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index 39c3bfff..09ae210f 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -377,6 +377,7 @@ $LANG['en'] = array( 'ErrorLog' => 'ErrorLog', 'Download AccessLog' => 'Download AccessLog', 'Download ErrorLog' => 'Download ErrorLog', + 'Continent' => 'Continent', 'Country' => 'Country', '2 letter code' => '2 letter code', 'State / Province' => 'State / Province', diff --git a/web/inc/main.php b/web/inc/main.php index f75f9530..f13e4142 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -1,8 +1,5 @@ '); + + $.ajax({ + method: "POST", + url: "/list/firewall/banlist/ip_info.php", + data: { ip: ip, clear_cache: clear_cache, token: token }, + cache: false, + error: function(jqXHR, textStatus, errorThrown) { + result_el.html('GENERAL ERROR
' + errorThrown); + }, + success: function(result_data) { + if (btn_el.find('i').hasClass('fa-times')) { + result_el.html(result_data); + } + } + }); + + btn_el.find('i').removeClass('fa-search').addClass('fa-times'); + } + else { + result_el.html(''); + btn_el.find('i').removeClass('fa-times').addClass('fa-search'); + } + }); + }); +})(jQuery); diff --git a/web/js/fix.js b/web/js/fix.js new file mode 100644 index 00000000..aaf0fa05 --- /dev/null +++ b/web/js/fix.js @@ -0,0 +1,121 @@ +function setCookie(cname, cvalue, exdays) { + var d = new Date(); + d.setTime(d.getTime() + (exdays * 24 * 60 * 60 * 1000)); + var expires = "expires="+d.toUTCString(); + document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/"; +} + +function getCookie(cname) { + var name = cname + "="; + var ca = document.cookie.split(';'); + for(var i = 0; i < ca.length; i++) { + var c = ca[i]; + while (c.charAt(0) === ' ') { + c = c.substring(1); + } + if (c.indexOf(name) === 0) { + return c.substring(name.length, c.length); + } + } + return ""; +} + +function showIoLog(animate) { + //console.log('animate='+animate); + if (animate==0) { + $(".l-content .l-center").css("margin-right", 240); + $(".to-top").css("right", 285); + $(".to-shortcuts").css("right", 330); + $(".right_sidebar").css("right", 0); + //$(".io-log2").css("right", 0); + //$("#myvesta_float").css("margin-right", 280); + } else { + $(".l-content .l-center").animate({"margin-right": 240}); + $(".to-top").animate({"right": 285}); + $(".to-shortcuts").animate({"right": 330}); + $(".right_sidebar").animate({"right": 0}); + //$(".io-log2").animate({"right": 0}); + //$("#myvesta_float").animate({"margin-right": 280}); + } + + /* + $.ajax({url: "/list/log/", success: function(result){ + $( ".io-log div" ).remove(); + $($(result).find('.l-center.units')).insertAfter(".io-log h2"); + $( ".io-log div" ).removeClass(); + }}); + */ +} + +function hideIoLog(animate){ + //console.log('animate='+animate); + if (animate==0) { + $(".l-content .l-center").css("margin-right", 40); + $(".to-top").css("right", 85); + $(".to-shortcuts").css("right", 130); + $(".right_sidebar").css("right", -200); + //$("#myvesta_float").css("margin-right", 100); + } else { + $(".l-content .l-center").animate({"margin-right": 40}); + $(".to-top").animate({"right": 85}); + $(".to-shortcuts").animate({"right": 130}); + $(".right_sidebar").animate({"right": -200}); + //$("#myvesta_float").animate({"margin-right": 100}); + } +} + +function checkCookie() { + iolog = getCookie("iolog"); + //console.log('cookie: "'+iolog+'"'); + if (iolog === '1') { + return 1; + } + if (iolog === '0') { + return 0; + } + if (iolog == '') { + //console.log('cookie is empty'); + return ''; + } +} + +// function getRandomInt(max) { +// return Math.floor(Math.random() * max); +// } +// var randomnumber=getRandomInt(100000000); +var iohtml = '
\n' + + '
'; + +$(document).ready(function(){ + //var sys_height=$(".io-log").height(); + //$(".io-log2").css("top", sys_height+50); + /* + setTimeout(function() { + iolog = getCookie("iolog"); + if (iolog === '0') { + //setCookie("iolog", 0, 365); + hideIoLog(0); + return 0; + } + }, 1); + */ + + //if (GLOBAL.CURRENT_USER_FINAL == 'admin') $(".body-user .l-content > .l-center.units").first().prepend( iohtml ); + + $(".io-log").on("click", function() { + var showlog=checkCookie(); + //console.log('cookie = "'+iolog+'"'); + if (showlog===1 || showlog=='') { + //console.log('cookie is active or empty, calling hidelog()'); + setCookie("iolog", 0, 365); + hideIoLog(1); + } + if (showlog===0) { + //console.log('cookie is inactive, calling showlog()'); + setCookie("iolog", 1, 365); + showIoLog(1); + } + + }); +}); + diff --git a/web/js/init.js b/web/js/init.js index 6c60ff85..06ecc750 100644 --- a/web/js/init.js +++ b/web/js/init.js @@ -31,16 +31,20 @@ $(document).ready(function(){ }); + /* // CREATE BUTTON - - $('.l-sort__create-btn').hover(function(){ - $(".l-sort__create-btn").append("
"); - $(".l-sort__create-btn").append("
"+$('.l-sort__create-btn').attr('title').replace(' ',' ')+"
"); - }, function(){ - $("#add-icon").remove(); - $("#tooltip").remove(); - }); - + if ($(".l-sort__create-btn").length>0) { + //$(".l-sort__create-btn").append("
"); + //$(".l-sort__create-btn").append("
"+$('.l-sort__create-btn').attr('title').replace(' ',' ')+"
"); + $('.l-sort__create-btn').hover(function(){ + $("#tooltip").css('background-color', '#1ca2cc'); + }, function() { + $("#tooltip").css('background-color', '#34b5dd'); + //$("#add-icon").remove(); + //$("#tooltip").remove(); + }); + } + */ // SEARCH BOX diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php new file mode 100644 index 00000000..e7888a75 --- /dev/null +++ b/web/list/firewall/banlist/ip_info.php @@ -0,0 +1,164 @@ + 'http://lists.blocklist.de/lists/all.txt', + 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', + 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', + 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', + 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', + 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', + 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', + ]; + $today = date('Y-m-d'); + + foreach ($lists as $code => $url) { + $cache_tag = 'ip-blacklist-' . $code . '-cache'; + + // init cache + if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; + + // invalidate cache if clear_cache parameter is 1 + if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; + + // if cache is not updated, fetch new data and save to cache + if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { + $new_cache_data = fetchURL($url, $url_result); + if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); + $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; + } + + // check ip + $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { + if (str_contains($item, '/')) return cidrMatch($ip, $item); + if ($ip == $item) return true; + return false; + }); + + $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; + $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; + $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; + } + + return $check_results; +} + +// Check token +if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { + die("Wrong token"); +} + +$ip = $_REQUEST['ip']; + +// Validate IP format +if (filter_var($ip, FILTER_VALIDATE_IP) === false) { + die('GENERAL ERROR
BAD_IP_FORMAT'); +} + +// Query host +$host = gethostbyaddr($ip); + +// Query blocklists +$result_blocklists = ''; +$ip_check = checkIP($ip); +if ($ip_check) { + foreach ($ip_check as $list_code => $list_results) { + $result_blocklists .= '
'; + $result_blocklists .= $list_results['found'] ? '' : ''; + $result_blocklists .= ' '.$list_code.' '; + $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; + $result_blocklists .= '
'; + } +} + +// Query location +$url = 'https://api.db-ip.com/v2/free/'.$ip; +$result = fetchURL($url); +$result_array = json_decode($result, true); +if (!is_array($result_array)) { + die('GENERAL ERROR
BAD_JSON'); +} +if (!empty($result_array['errorCode'])) { + die('GENERAL ERROR
'.$result_array['errorCode']); +} + +// Output +echo " +
+
".__('Host')."
+
".$host."
+
".__('Banlist')."
+
".$result_blocklists."
+
".__('Continent')."
+
".$result_array['continentName']." [".$result_array['continentCode']."]
+
".__('Country')."
+
".$result_array['countryName']." [".$result_array['countryCode']."]
+
".__('State / Province')."
+
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
+
".__('City / Locality')."
+
".$result_array['city']."
+
+"; diff --git a/web/login/index.php b/web/login/index.php index 18841344..5de05451 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,5 +1,7 @@ - + @@ -107,7 +107,7 @@ - + diff --git a/web/templates/admin/add_web.html b/web/templates/admin/add_web.html index d874be32..77e72239 100644 --- a/web/templates/admin/add_web.html +++ b/web/templates/admin/add_web.html @@ -95,7 +95,7 @@ - + @@ -114,7 +114,7 @@ - + @@ -171,7 +171,7 @@ - + @@ -181,7 +181,7 @@ - + @@ -191,7 +191,7 @@ - + diff --git a/web/templates/admin/edit_backup_exclusions.html b/web/templates/admin/edit_backup_exclusions.html index 819c9244..2c337555 100644 --- a/web/templates/admin/edit_backup_exclusions.html +++ b/web/templates/admin/edit_backup_exclusions.html @@ -50,7 +50,7 @@ - + @@ -60,7 +60,7 @@ - + @@ -70,7 +70,7 @@ - + @@ -80,7 +80,7 @@ - + diff --git a/web/templates/admin/edit_mail_acc.html b/web/templates/admin/edit_mail_acc.html index cf38065d..e11216a2 100644 --- a/web/templates/admin/edit_mail_acc.html +++ b/web/templates/admin/edit_mail_acc.html @@ -86,7 +86,7 @@ - + @@ -96,7 +96,7 @@ - + @@ -119,7 +119,7 @@ - + diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index 59683b6d..888b081f 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -641,6 +641,17 @@

+ + + + + + + + "> +

+ + @@ -739,7 +750,7 @@ - + @@ -749,7 +760,7 @@ - + diff --git a/web/templates/admin/edit_server_bind9.html b/web/templates/admin/edit_server_bind9.html index 62d9051f..dae145fc 100644 --- a/web/templates/admin/edit_server_bind9.html +++ b/web/templates/admin/edit_server_bind9.html @@ -57,7 +57,7 @@ - + @@ -67,7 +67,7 @@ - + diff --git a/web/templates/admin/edit_server_dovecot.html b/web/templates/admin/edit_server_dovecot.html index f5b4bd27..38ebea60 100644 --- a/web/templates/admin/edit_server_dovecot.html +++ b/web/templates/admin/edit_server_dovecot.html @@ -56,7 +56,7 @@ - + - + @@ -79,7 +79,7 @@ - + @@ -89,7 +89,7 @@ - + @@ -99,7 +99,7 @@ - + @@ -109,7 +109,7 @@ - + @@ -119,7 +119,7 @@ - + @@ -130,7 +130,7 @@ - + @@ -141,7 +141,7 @@ - + diff --git a/web/templates/admin/edit_server_httpd.html b/web/templates/admin/edit_server_httpd.html index c58ae89d..03fca7bb 100644 --- a/web/templates/admin/edit_server_httpd.html +++ b/web/templates/admin/edit_server_httpd.html @@ -57,7 +57,7 @@ - + diff --git a/web/templates/admin/edit_server_mysql.html b/web/templates/admin/edit_server_mysql.html index 8c5325fd..96d2523f 100644 --- a/web/templates/admin/edit_server_mysql.html +++ b/web/templates/admin/edit_server_mysql.html @@ -127,7 +127,7 @@ - + diff --git a/web/templates/admin/edit_server_nginx.html b/web/templates/admin/edit_server_nginx.html index 2267089a..d85c75de 100644 --- a/web/templates/admin/edit_server_nginx.html +++ b/web/templates/admin/edit_server_nginx.html @@ -184,7 +184,7 @@ - + diff --git a/web/templates/admin/edit_server_pgsql.html b/web/templates/admin/edit_server_pgsql.html index 6aca48d4..0b7c65fc 100644 --- a/web/templates/admin/edit_server_pgsql.html +++ b/web/templates/admin/edit_server_pgsql.html @@ -56,7 +56,7 @@ - + @@ -66,7 +66,7 @@ - + diff --git a/web/templates/admin/edit_server_php.html b/web/templates/admin/edit_server_php.html index 16693f81..f2b144df 100644 --- a/web/templates/admin/edit_server_php.html +++ b/web/templates/admin/edit_server_php.html @@ -150,7 +150,7 @@ - + diff --git a/web/templates/admin/edit_server_service.html b/web/templates/admin/edit_server_service.html index 49a81f55..ac92762d 100644 --- a/web/templates/admin/edit_server_service.html +++ b/web/templates/admin/edit_server_service.html @@ -56,7 +56,7 @@ - + diff --git a/web/templates/admin/edit_web.html b/web/templates/admin/edit_web.html index 00600539..b0d79d25 100644 --- a/web/templates/admin/edit_web.html +++ b/web/templates/admin/edit_web.html @@ -82,7 +82,7 @@ - + @@ -172,7 +172,7 @@ - + @@ -218,7 +218,7 @@ - + @@ -228,7 +228,7 @@ - + @@ -238,7 +238,7 @@ - +
- +
diff --git a/web/templates/admin/list_backup_detail.html b/web/templates/admin/list_backup_detail.html index b2f378d0..a5063e1d 100644 --- a/web/templates/admin/list_backup_detail.html +++ b/web/templates/admin/list_backup_detail.html @@ -6,9 +6,9 @@ input[type="checkbox"] {

-
+
- +
@@ -34,7 +34,7 @@ input[type="checkbox"] { -
+
:
@@ -48,9 +48,9 @@ input[type="checkbox"] { ++$i; ?> -
+
-
+
@@ -99,9 +99,9 @@ input[type="checkbox"] { if (!empty($key)) { ?> -
+
-
+
@@ -147,9 +147,9 @@ input[type="checkbox"] { if (!empty($key)) { ?> -
+
-
+
@@ -194,9 +194,9 @@ input[type="checkbox"] { if (!empty($key)) { ?> -
+
-
+
@@ -242,9 +242,9 @@ input[type="checkbox"] { if (!empty($key)) { ?> -
+
-
+
@@ -290,9 +290,9 @@ input[type="checkbox"] { if (!empty($key)) { ?> -
+
-
+
@@ -329,9 +329,9 @@ input[type="checkbox"] { -
+
-
+
diff --git a/web/templates/admin/list_backup_exclusions.html b/web/templates/admin/list_backup_exclusions.html index efaaa450..2093278f 100644 --- a/web/templates/admin/list_backup_exclusions.html +++ b/web/templates/admin/list_backup_exclusions.html @@ -1,6 +1,6 @@
- +
diff --git a/web/templates/admin/list_cron.html b/web/templates/admin/list_cron.html index 4bea20c0..e6bec6b6 100644 --- a/web/templates/admin/list_cron.html +++ b/web/templates/admin/list_cron.html @@ -1,6 +1,6 @@
- +
'; + echo ''; } if($pgsql){ - echo ''; + echo ''; } ?>
phpMyAdminphpMyAdminphpPgAdminphpPgAdmin diff --git a/web/templates/admin/list_dns.html b/web/templates/admin/list_dns.html index 5ce29219..57a0d57e 100644 --- a/web/templates/admin/list_dns.html +++ b/web/templates/admin/list_dns.html @@ -1,6 +1,6 @@
- +