diff --git a/.gitignore b/.gitignore index fe0574ad..6701a887 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,3 @@ *.gz .vscode .DS_Store -data -conf -log \ No newline at end of file diff --git a/Changelog.md b/Changelog.md index 617bc9c3..e139e122 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,111 +1,32 @@ -Version 0.9.9-0-13 [2025-08-15] +Version 0.9.9-0-5 [08-Oct-2023] ================================================== -* Improvement: Activating FileManager licence for all users (credits to Official VestaCP) -* Introducing a malware cleaning set of tools: v-install-wordfence-cli, v-desinfect-wordpress, v-fix-wordpress-core, v-change-database-password-for-wordpress, v-change-wordpress-admin-passwords, v-delete-inactive-wordpress-plugins-and-themes, v-delete-wordpress-uploads-php-files) (credits to isscbta) -* Improvement: Added support for PHP 8.3 and 8.4 -* SRS support for Exim4 (v-add-srs-support-to-exim) (credits to HestiaCP) -* Security: Ensuring that PHP files are visible only to the account they belong to - setting chmod 600 for all .php and .env files (also added as admin cronjob - v-fix-website-permissions-for-all-websites-only-php) -* Added cronjob for disk usage snapshot (size of each folder) to see what folder is growing every day (v-df-snapshot-make, v-df-snapshot-diff [some-day-snapshot] [some-other-day-snapshot]) -* Bugfix: SSL fix for Apache 2.4.65+ (fix for '421 Misdirected Request') -* Bugfix: vst-install-debian.sh: ability to install MySQL 8 on Debian 12 -* Improvement: Update nginx block-firewall.conf when user blocks 80,443 ports for some IPv4 address in the Firewall section of the admin panel -* Improvement: v-install-wordpress: Support for IDN format domains -* Security: Adding ProFTPD jail rule to Fail2Ban -* Introducing: v-make-main-apache-log - making one log file for PHP requests for all websites -* Security: Introducing a new command: v-fix-php-ini-disable-functions -* Improvement: Introducing myVesta rules for SpamAssassin (enhancing spam filtering) -* Improvement: When deleting a domain, also delete the database if the domain has a database -* Bugfix: Removing temporary Docker container network interfaces from RRD -* Introducing v-run-wp-cli-myvesta that knows the correct terminal width -* Introducing a new command: v-cd-www alias for v-change-dir-www -* Introducing a new command: v-clear-fail2ban -* Introducing a new command: v-get-dns-config (to print zone file in bind9 format) -* Introducing a DISABLE_IP_CHECK as vesta.conf variable (if logged-in user is getting a new IPv4 address every minute) -* Security: Introducing a parse_object_kv_list_non_eval() function in main.sh, to avoid the evil eval command -* Security: Enhance package validation, in v-change-user-package 'eval' replaced with 'parse_object_kv_list_non_eval' -* Improvement: Replacing all WordPress scripts to use 'v-run-wp-cli' instead of 'wp' -* Improvement: v-install-wordpress: Almost always use https -* Improvement: Skip the prompt to continue during myVesta installation if the administrator has set all required variables in the command line -* Security: Jailing v-run-wp-cli (running WP-CLI as user, added open_basedir, disabling shell_exec() and other dangerous PHP functions) -* Security: v-commander: removing the ability to set a root password -* Bugfix: DKIM record deletion command in v-delete-mail-domain-dkim script -* Adding FTP / SFTP port for Remote Backup (credits to ikheetjeff) -* Introducing a new command: v-delete-mails - delete emails older than N days (credits to isscbta) -* Introducing new commands: v-blacklist-email-domain, v-blacklist-email-account, v-whitelist-email-domain, v-whitelist-email-account (credits to isscbta) -* Bugfix: v-move-folder-and-make-symlink: use 'mv' instead of 'rsync' -* Improvement: Calculate the size of directories on /hdd too -* Bugfix: v-move-domain-and-database-to-account: Update wordfence-waf.php -* Bugfix: v-add-letsencrypt-domain: Detecting valid status on wildcard variant -* Bugfix: db.sh and v-clone-website: mysqldump --max_allowed_packet=1024M -* Bugfix: web/index.php: Prevent recreation of token by shitty browser add-ons -* Bugfix: v-restore-user: permissions fix while restoring backup -* Bugfix: Add some loops due to 403 errors during LE request in some random cases -* Improvement: v-clone-website: adding --EXCLUDE_UPLOADS parameter -* Bugfix: vst-install-debian.sh - removing phppgadmin -* Bugfix: v-update-firewall: $FIREWALL_STATEFUL conf variable (for Infomaniak VPS servers) -* Bugfix: Awstats template for all systems does not have a closed bracket in line 27 (credits to gkirde) -* Bugfix: Update v-import-cpanel-backup - removing /*!999999\- enable the sandbox mode */ -* Bugfix: Small PHP syntax fixes in the admin panel -* Introducing nginx template 'wprocket-webp-express-force-https' (credits to Luka Paunovic) -* Improvement: Added functions to check if a domain or user is unsuspended in main.sh -* Introducing a new command: v-update-document-errors-files -* Improvement: new v-backup-user-now command does backup even if the system Load Average is above the limit, or the administrator configured backups to perform only at night -* Improvement: v-install-wp-cli and v-install-wp-cli-myvesta - automatically updates if wp-cli is 30 days old -* Bugfix: Check for SSL certificate existence before deleting web domain SSL in v-install-unsigned-ssl -* Improvement: v-install-wordpress: avoid changing nginx proxy template in apache-less variant -* Added to .gitignore excludes for 'data', 'conf', and 'log' folders -* And many other minor bugfixes and improvements... +* Many bugfixes -Version 0.9.9-0-12 [2025-02-28] -================================================== -* SpamHaus DNSBL removed from exim4 -* A lot of small bugs fixed - -Version 0.9.9-0-11 [2024-05-30] -================================================== -* Introducing v-run-wp-cli command ( @isscbta ) -* Introducing v-add-wordpress-admin command ( @isscbta ) -* Few bugs fixed - -Version 0.9.9-0-10 [2024-04-11] -================================================== -* Introducing v-edit-php-ini command ( @isscbta ) -* Introducing v-edit-domain-php-ini command ( @isscbta ) - -Version 0.9.9-0-9 [2024-04-05] -================================================== -* Get quick info about a banned IP (Host, Banlist, Location) (many thanks to @VasilisParaschos ) -* Few bugs fixed - -Version 0.9.9-0-5 to 0.9.9-0-8 -================================================== -* Few bugs fixed - -Version 0.9.9-0-4 [2023-06-27] +Version 0.9.9-0-4 [27-Jun-2023] ================================================== * Support for Debian 12 ( in mutual cooperation with @HestiaCP ) -Version 0.9.9-0-2 [2023-06-12] +Version 0.9.9-0-2 [12-Jun-2023] ================================================== * Hosting panel UI perfomance fix -Version 0.9.9-0 [2023-06-05] +Version 0.9.9-0 [05-Jun-2023] ================================================== * Redesign of hosting panel * Fix for WP_CACHE_KEY_SALTs in v-clone-website command * Fix for "Helo name contains a ip address" in Exim4 * Fix for Exim4 for punycode domains (in collaboration with @HestiaCP ) -Version 0.9.8-26-62 [2023-04-05] +Version 0.9.8-26-62 [05-Apr-2023] ================================================== * Fix for LetsEncrypt Asynchronous Order Finalization (in collaboration with @HestiaCP ) -Version 0.9.8-26-61 [2023-04-04] +Version 0.9.8-26-61 [04-Apr-2023] ================================================== * Many bugfixes * Hotfix for LetsEncrypt to prevent Apache falling -Version 0.9.8-26-60 [2023-02-12] +Version 0.9.8-26-60 [12-Feb-2023] ================================================== * New script: v-commander (useful for maintaining the server) * New script: v-activate-rocket-nginx (serve WP-Rocket cache directly from nginx) @@ -113,7 +34,7 @@ Version 0.9.8-26-60 [2023-02-12] * v-clone-website: By default cloning to database: user_domain_com (instead of cloning to database: user_old_db_migrated) * Many minor bugfixes -Version 0.9.8-26-59 [2023-02-01] +Version 0.9.8-26-59 [01-Feb-2023] ================================================== * Support for PHP 8.2 * New script: v-move-folder-and-make-symlink @@ -121,82 +42,82 @@ Version 0.9.8-26-59 [2023-02-01] * v-install-wordpress: Installing WordPress to user_domain_com database instead of installing to user_wp database * Many minor bugfixes -Version 0.9.8-26-58 [2022-07-12] +Version 0.9.8-26-58 [12-Jul-2022] ================================================== * [Security] hash_equals() in /reset/mail/ (credits to @divinity76 ) * Avoid out-of-memory while downloading large log files from panel (credits to @divinity76 ) * Fix for an boring PHP Notice in vesta-php -Version 0.9.8-26-57 [2022-07-06] +Version 0.9.8-26-57 [06-Jul-2022] ================================================== * Fix for GMail SMTP timeouts on Debian11 * [Security] Fix for Local Sed Injection Vulnerability ( credits to @cleemy-desu-wayo ) -Version 0.9.8-26-56 [2022-05-28] +Version 0.9.8-26-56 [28-May-2022] ================================================== * Adding Barracuda RBL to SpamAssassin * Fixing insane HTML form bug in List backup items page * Script for easy adding second IP address for SMTP authenticated users only (v-make-separated-ip-for-email) -Version 0.9.8-26-55 [2022-04-26] +Version 0.9.8-26-55 [26-Apr-2022] ================================================== * Support for MySQL 8 * [Security] Preventing brute-force resetting password (thanks to HestiaCP @hestiacp for fix) * Many minor bugfixes -Version 0.9.8-26-54 [2021-12-17] +Version 0.9.8-26-54 [17-Dec-2021] ================================================== * Checking if FreshClam is started after installation -Version 0.9.8-26-53 [2021-12-12] +Version 0.9.8-26-53 [12-Dec-2021] ================================================== * Support for PHP 8.1 * Function to ensure that pool.d folders are not empty -Version 0.9.8-26-52 [2021-11-23] +Version 0.9.8-26-52 [23-Nov-2021] ================================================== * Fix for not to match wildcard "*domains" and "databases*" while restoring * Added memcached to v-list-sys-services -Version 0.9.8-26-51 [2021-11-14] +Version 0.9.8-26-51 [14-Nov-2021] ================================================== * Many fixes for "List services" page (v-list-sys-services function) -Version 0.9.8-26-50 [2021-11-07] +Version 0.9.8-26-50 [07-Nov-2021] ================================================== * Many small bugfixes and CSRF fixes -Version 0.9.8-26-49 [2021-07-17] +Version 0.9.8-26-49 [17-Jul-2021] ================================================== * Support for Debian 11 -Version 0.9.8-26-48 [2021-07-11] +Version 0.9.8-26-48 [11-Jul-2021] ================================================== * Fixed two bugs in LetsEncrypt generating process -Version 0.9.8-26-47 [2021-05-30] +Version 0.9.8-26-47 [30-May-2021] ================================================== * Enabling TLS for ProFTPD FTPS * More logical "Restore backup" template -Version 0.9.8-26-46 [2021-04-17] +Version 0.9.8-26-46 [17-Apr-2021] ================================================== * [Feature] Updating CloudFlare IP addresses -Version 0.9.8-26-45 [2021-04-13] +Version 0.9.8-26-45 [13-Apr-2021] ================================================== * [Feature] Logging whole LetsEncrypt process to /usr/local/vesta/log/letsencrypt.log and /usr/local/vesta/log/letsencrypt_cron.log * [Feature] Warn admin once (by sending email) if LetsEncrypt renewing failed for server hostname * [Bugfix] Correct truncating of CA LetsEncrypt certificate (thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-44 [2021-04-04] +Version 0.9.8-26-44 [04-Apr-2021] ================================================== * [Security] Preventing denial-of-service in openssl library in vesta-nginx service (CVE-2021-3449) * [Security] Preventing admin to install non-vesta packages from vesta admin panel user interface (Credits to: Numan Türle @numanturle) * [Bugfix] Preventing multiple execution of v-backup-users * [UserInterface] CSS fix for Apache status table (Credits to: Milos Spasic) -Version 0.9.8-26-43 [2021-03-15] +Version 0.9.8-26-43 [15-Mar-2021] ================================================== * [Security] fix for: CSRF remote code execution in UploadHandler.php - CVE-2021-28379 (Credits to: Fady Osman @fady_othman) * [Security] fix for: Local privilege escalation from user account to admin account via v-add-web-domain (Credits to: Two independent security researchers, Marti Guasch Jiménez and Francisco Andreu Sanz, working with the SSD Secure Disclosure program) (and also thanks to HestiaCP @hestiacp for fix) @@ -206,62 +127,62 @@ Version 0.9.8-26-43 [2021-03-15] * [Security] fix for: Admin to root escalation in v-activate-vesta-license (Credits to: Numan Türle @numanturle) * [Security] Ensure HTML will not be displayed in list log page (Credits to: Kristan Kenney @kristankenney, thanks to HestiaCP @hestiacp for fix) -Version 0.9.8-26-42 [2021-02-26] +Version 0.9.8-26-42 [26-Feb-2021] ================================================== * [Feature] Support for PHP 8.0, see: https://forum.myvestacp.com/viewtopic.php?f=18&t=52 * [Bugfix] Making sure Apache is in mpm_event mode -Version 0.9.8-26-41 [2021-02-11] +Version 0.9.8-26-41 [11-Feb-2021] ================================================== * Few bugfixes -Version 0.9.8-26-40 [2021-02-08] +Version 0.9.8-26-40 [08-Feb-2021] ================================================== * Few bugfixes -Version 0.9.8-26-39 [2020-12-12] +Version 0.9.8-26-39 [12-Dec-2020] ================================================== * [Security] Fixing useless issue with tokens in "download backup" and "loginas" functions (thanks to HestiaCP for fixes) * [Security] Fixing XSS in /list/rrd/?period= value -Version 0.9.8-26-38 [2020-12-05] +Version 0.9.8-26-38 [05-Dec-2020] ================================================== * [Security] Fixing Apache status public access (thanks to HestiaCP for letting us know) -Version 0.9.8-26-37 [2020-10-26] +Version 0.9.8-26-37 [26-Oct-2020] ================================================== * [Bugfix] Fixing LetsEncrypt deprecated GET method for ACME v2 (thanks to @moucho) * [Bugfix] Fixing Roundcube to send via authenticated SMTP user instead via php -Version 0.9.8-26-36 [2020-09-10] +Version 0.9.8-26-36 [10-Sep-2020] ================================================== * [Bugfix] Checking necessary available disk space before doing backup * [Security] Disabling login with 'root' -Version 0.9.8-26-35 [2020-08-23] +Version 0.9.8-26-35 [23-Aug-2020] ================================================== * [Feature] Limiting max recipients per email to 15, in order to prevent mass spamming * [Bugfix] While restoring backup, only exclude logs folder from root, not in public_html -Version 0.9.8-26-34 [2020-08-19] +Version 0.9.8-26-34 [19-Aug-2020] ================================================== * [Bugfix] Split long DNS TXT entries into 255 chunks -Version 0.9.8-26-33 [2020-08-16] +Version 0.9.8-26-33 [16-Aug-2020] ================================================== * [Feature] Ability to set some domain to send emails from another IP (command: v-make-separated-ip-for-email-domain) -Version 0.9.8-26-32 [2020-08-02] +Version 0.9.8-26-32 [02-Aug-2020] ================================================== * [Feature] v-replace-in-file command introduced * [Security] Making sure new myVesta commands can be called only by root -Version 0.9.8-26-31 [2020-07-30] +Version 0.9.8-26-31 [30-Jul-2020] ================================================== * [Feature] v-import-cpanel-backup command moved to vesta-bin folder (becoming standard myVesta command) * Starting to log auto-update output -Version 0.9.8-26-30 [2020-07-26] +Version 0.9.8-26-30 [26-Jul-2020] ================================================== * New ASCII logo in installer * Deleted favicon when user don't know secret-url of hosting panel @@ -269,14 +190,14 @@ Version 0.9.8-26-30 [2020-07-26] * [bugfix] Minor fix of URL for templates in v-update-dns-templates * [bugfix] Minor fixes in installer -Version 0.9.8-26-29 [2020-07-21] +Version 0.9.8-26-29 [21-Jul-2020] ================================================== * [Feature] v-clone-website command moved to vesta-bin folder (becoming standard myVesta command) * [Feature] v-migrate-site-to-https command moved to vesta-bin folder (becoming standard myVesta command) * [Bugfix] Fix for ClamAV socket * Changing Vesta to myVesta in title of hosting panel pages -Version 0.9.8-26-28 [2020-07-15] +Version 0.9.8-26-28 [15-Jul-2020] ================================================== * [Feature] v-install-wordpress command introduced * [Feature] v-move-domain-and-database-to-account command introduced @@ -284,37 +205,37 @@ Version 0.9.8-26-28 [2020-07-15] * [Bugfix] Fix for LetsEncrypt issuing in apache-less variant (nginx + php-fpm variant) * [Bugfix] Fix for configuring phpMyAdmin DB in apache-less variant (nginx + php-fpm variant) -Version 0.9.8-26-27 [2020-07-05] +Version 0.9.8-26-27 [05-Jul-2020] ================================================== * [Feature] Admins now see changelog when they open myVesta panel after myVesta get updated (changelog will dissapear on next refresh) * [Bugfix] Better control of opened SMTP concurrent connections (preventing denial-of-service of SMTP) on fresh installed servers - https://github.com/myvesta/vesta/commit/c57b15b5daca2a0ea88ee6a89a2ff5a4ef47d2a3 * Second tuning of php-fpm pool.d config files (perfomances and limits) -Version 0.9.8-26-26 [2020-06-27] +Version 0.9.8-26-26 [27-Jun-2020] ================================================== * [Feature] Self-signed SSL will be automaticaly added when you add new domain (CloudFlare is fine with that, you don't need LetsEncrypt anymore if you use CloudFlare as reverse-proxy(CDN+Firewall), just set "Full" in SSL section on CloudFlare) * [Feature] Script for adding self-signed SSL to desired domain [v-install-unsigned-ssl] * From now, on fresh installed server, default backup cron goes at Saturday at 01 AM (instead of everyday at 05 AM) * New favicon for hosting panel -Version 0.9.8-26-25 [2020-06-23] +Version 0.9.8-26-25 [23-Jun-2020] ================================================== * [Security] Fixing unnecessary slash in nginx configs for phpmyadmin and roundcube (Credits to Bernardo Berg @bberg1984 for finding this issue!) * [Security] Adding escapeshellarg on few more places in php code (Credits to Talha Günay and @Lupul for finding these places) -Version 0.9.8-26-24 [2020-06-22] +Version 0.9.8-26-24 [22-Jun-2020] ================================================== * [Bugfix] nginx + php-fpm installer variant now finally works -Version 0.9.8-26-23 [2020-06-14] +Version 0.9.8-26-23 [14-Jun-2020] ================================================== * Adding label that LetsEncrypt can be added when you Edit domain -Version 0.9.8-26-22 [2020-06-13] +Version 0.9.8-26-22 [13-Jun-2020] ================================================== * [Bugfix] Checking (in order to delete) php7.4 pool config file while deleting domain -Version 0.9.8-26-21 [2020-06-13] +Version 0.9.8-26-21 [13-Jun-2020] ================================================== * [Feature] Blocking executable files inside archives in received emails (ClamAV) * [Bugfix] Removing ability to schedule LetsEncrypt issuing while adding new domain (because it can fall in infinite loop whole day) @@ -323,82 +244,82 @@ Version 0.9.8-26-21 [2020-06-13] * [Bugfix] Script that removes depricated 'ssl on;' in nginx templates * [Security] Ensure UPDATE_SSL_SCRIPT is not set in some config files -Version 0.9.8-26-20 [2020-06-01] +Version 0.9.8-26-20 [01-Jun-2020] ================================================== * [Bugfix] Script that will ensure that Apache2 will always stay in mpm_event mode * [Bugfix] Ensure config files will not be overwritten while updating vesta-nginx package * [Bugfix] Fixing URL in v-update-web-templates script * [Feature] Additional rates for nginx anti-denial-of-service templates -Version 0.9.8-26-19 [2020-05-15] +Version 0.9.8-26-19 [15-May-2020] ================================================== * [Bugfix] Do not match subdomains while restoring domain [v-restore-user] -Version 0.9.8-26-18 [2020-05-15] +Version 0.9.8-26-18 [15-May-2020] ================================================== * [Bugfix] Fixing NS parameters in v-add-dns-on-web-alias -Version 0.9.8-26-17 [2020-05-15] +Version 0.9.8-26-17 [15-May-2020] ================================================== * [Bugfix] Reverting default clamav socket path * [Bugfix] Put mail_max_userip_connections = 50 in dovecot -Version 0.9.8-26-16 [2020-05-15] +Version 0.9.8-26-16 [15-May-2020] ================================================== * [Bugfix] Allow quick restarting of nginx if acme-challenge should be added many times * [Bugfix] Enabling email notification to fresh installed servers about backup success status * [Bugfix] Timeout 10 sec for apache2 status -Version 0.9.8-26-15 [2020-05-09] +Version 0.9.8-26-15 [09-May-2020] ================================================== * [Feature] nginx templates that can prevent denial-of-service on your server * First tuning php-fpm pool.d config files (perfomances and limits) * New logo -Version 0.9.8-26-14 [2020-05-08] +Version 0.9.8-26-14 [08-May-2020] ================================================== * v-clone-website script switched to parameters * Display new version in console while updating myVesta -Version 0.9.8-26-13 [2020-05-07] +Version 0.9.8-26-13 [07-May-2020] ================================================== * [Feature] Put build date and version in right-bottom corner of control panel -Version 0.9.8-26-12 [2020-05-07] +Version 0.9.8-26-12 [07-May-2020] ================================================== * [Feature] Put build date and version while compiling myVesta * [Feature] Office365 DNS template * [Feature] Yandex DNS template * ProFTPD MaxIstances = 100 for fresh installed servers -Version 0.9.8-26-11 [2020-05-01] +Version 0.9.8-26-11 [01-May-2020] ================================================== * [Feature] Skipping LE renewing after 7 failed attempts * [Bugfix] Keep conf files during auto-update * [Bugfix] Do not restart apache while preparing letsencrypt acme challenge * [Bugfix] Set ALLOW_BACKUP_ANYTIME='yes' for fresh installed servers -Version 0.9.8-26-10 [2020-04-11] +Version 0.9.8-26-10 [11-Apr-2020] ================================================== * [Feature] Creating v-normalize-restored-user script (normalize NS1, NS2 and IP of account that is backuped on other server and restored on this server) * Tweak for hostname FPM conf * [Security] Forbid changing root password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) * [Security] Importing system enviroment in v-change-user-password (Credits to Alexandre ZANNI, Orange Cyberdefense, https://cyberdefense.orange.com) -Version 0.9.8-26-9 [2020-03-23] +Version 0.9.8-26-9 [23-Mar-2020] ================================================== * [Security] Preventing manipulation with $SERVER['HTTP_HOST'] (Credits to @mdisec - Managing Partner of PRODAFT / INVICTUS A.Ş. Master ninja at pentest.blog) -Version 0.9.8-26-8 [2020-03-23] +Version 0.9.8-26-8 [23-Mar-2020] ================================================== * [Security] Temporary fix for parsing backup conf (Credits to @dreiggy - https://pentest.blog/vesta-control-panel-second-order-remote-code-execution-0day-step-by-step-analysis/) -Version 0.9.8-26-7 [2020-03-18] +Version 0.9.8-26-7 [18-Mar-2020] ================================================== * [Bugfix] Fix that avoid LetsEncrypt domain validation timeout * [Bugfix] Set timeout in v-list-sys-web-status script -Version 0.9.8-26-6 [2020-02-21] +Version 0.9.8-26-6 [21-Feb-2020] ================================================== * [Bugfix] mail-wrapper.php from now works * [Feature] Introducing NOTIFY_ADMIN_FULL_BACKUP, email notification about backup success status @@ -406,7 +327,7 @@ Version 0.9.8-26-6 [2020-02-21] * [Feature] Introducing force-https-webmail-phpmyadmin nginx template * [Feature] Trigger for /root/update_firewall_custom.sh -Version 0.9.8-26-5 [2020-02-10] +Version 0.9.8-26-5 [10-Feb-2020] ================================================== * [Security] sudoers fix for Debian10 * [Feature] [Script that will migrate your site from http to https, replacing http to https URLs in database](https://github.com/myvesta/vesta/blob/master/src/deb/for-download/tools/v-migrate-site-to-https) @@ -415,7 +336,7 @@ Version 0.9.8-26-5 [2020-02-10] * [Bugfix] Roundcube force https * [Bugfix] Exim compatibility with Loopia for Debian10 -Version 0.9.8-26-4 [2020-01-07] +Version 0.9.8-26-4 [07-Jan-2020] ================================================== * [Feature] Allow whitelisting specific IP for /api/ * [Feature] Allow whitelisting specific IP to avoid secret_url @@ -423,11 +344,11 @@ Version 0.9.8-26-4 [2020-01-07] * [Bugfix] apparmor install fix again * [Bugfix] Turning off MariaDB SQL strict mode -Version 0.9.8-26-3 [2019-11-26] +Version 0.9.8-26-3 [26-Nov-2019] ================================================== * [Bugfix] Better check if session cron already added -Version 0.9.8-26-2 [2019-11-15] +Version 0.9.8-26-2 [15-Nov-2019] ================================================== * [Feature] Support for sub-sub-sub-sub versions :)) * [Bugfix] Support for longer username of email accounts @@ -435,7 +356,7 @@ Version 0.9.8-26-2 [2019-11-15] * [Bugfix] Trying to fix ClamAV broken socket * Moving to myvestacp.com -Version 0.9.8-26 [2019-09-28] +Version 0.9.8-26 [28-Sep-2019] ================================================== * [Bugfix] Let's Encrypt HTTP/2 support (by @serghey-rodin) * [Bugfix] Fixing broken autoreply output diff --git a/bin/v-activate-rocket-nginx b/bin/v-activate-rocket-nginx index 8b562c9b..bd4145cc 100644 --- a/bin/v-activate-rocket-nginx +++ b/bin/v-activate-rocket-nginx @@ -75,20 +75,18 @@ fi # Changing Proxy Template # Check if the proxy template is already set correctly current_template=$(/usr/local/vesta/bin/v-list-web-domain $user $domain | grep 'PROXY:' | awk '{print $2}') -if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ] || [ "$current_template" == "wprocket-webp-express-force-https" ]; then +if [ "$current_template" == "wprocket-force-https" ] || [ "$current_template" == "wprocket-hosting" ]; then echo "Proxy Template is already set up correctly" else # Prompt the user to choose whether to force HTTPS or not - echo "Do you want to use wprocket-hosting template, wprocket-force-https template or wprocket-webp-express-force-https template (h/f/w):" + echo "Do you want to force-https in your Proxy Template or not (y/n):" read answer # Change the proxy template based on the user's choice - if [ "$answer" == "h" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" - elif [ "$answer" == "f" ]; then + if [ "$answer" == "y" ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-force-https" - elif [ "$answer" == "w" ]; then - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-webp-express-force-https" + else + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "wprocket-hosting" fi echo "Proxy Template is ready" @@ -128,7 +126,7 @@ else chown $user:$user /home/$user/web/$domain/cron.log case $fpm_ver in - 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2 | 8.3) + 5.6 | 7.0 | 7.1 | 7.2 | 7.3 | 7.4 | 8.0 | 8.1 | 8.2) /usr/local/vesta/bin/v-add-cron-job "$user" "*/15" "*" "*" "*" "*" "cd /home/$user/web/$domain/public_html; /usr/bin/php$fpm_ver wp-cron.php >/home/$user/web/$domain/cron.log 2>&1" ;; esac diff --git a/bin/v-add-firewall-ban b/bin/v-add-firewall-ban index 80143132..a1eed13e 100755 --- a/bin/v-add-firewall-ban +++ b/bin/v-add-firewall-ban @@ -72,13 +72,6 @@ $iptables -I fail2ban-$chain 1 -s $ip \ # Changing permissions chmod 660 $conf -# nginx deny rules conf -if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then - if ! grep -q "deny $ip;" /etc/nginx/conf.d/block.conf; then - echo "deny $ip;" >> /etc/nginx/conf.d/block.conf - systemctl reload nginx - fi -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-firewall-rule b/bin/v-add-firewall-rule index b815778b..6fb867d3 100755 --- a/bin/v-add-firewall-rule +++ b/bin/v-add-firewall-rule @@ -83,16 +83,6 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall -if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then - if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then - touch /etc/nginx/conf.d/block-firewall.conf - if ! grep -q "deny $ip;" /etc/nginx/conf.d/block-firewall.conf; then - echo "deny $ip;" >> /etc/nginx/conf.d/block-firewall.conf - systemctl restart nginx - fi - fi -fi - #----------------------------------------------------------# # Vesta # diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index a7c7fbb8..1f1f5a6e 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -154,11 +154,6 @@ for identifier in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do done payload=$(echo "$payload"|sed "s/,$//") payload=$payload']}' -# validation='pending' -# # Start counter to avoid infinite loop -# i=0 -# while [ "$validation" = 'pending' ]; do -# echo "[$(date)] : ----------------------- step 2 loop, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : payload=$payload" >> /usr/local/vesta/log/letsencrypt.log echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log answer=$(query_le_v2 "$url" "$payload" "$nonce") @@ -173,19 +168,10 @@ order=$(echo -e "$answer" | grep -i location | cut -f2 -d \ | tr -d '\r\n') echo "[$(date)] : order=$order" >> /usr/local/vesta/log/letsencrypt.log status=$(echo "$answer" |grep HTTP/ |tail -n1 |cut -f2 -d ' ') echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log -validation=$(echo "$answer" | grep 'status":' | cut -f4 -d '"') -echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 201 ]]; then echo "[$(date)] : EXIT=Let's Encrypt new auth status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt new auth status $status" fi -# # Exit the loop after 5 attempts -# i=$((i + 1)) -# if [ $i -gt 5 ]; then -# break -# fi -# sleep 2 -# done # Requesting authorization token / STEP 3 echo "[$(date)] : --- Requesting authorization token / STEP 3 ---" >> /usr/local/vesta/log/letsencrypt.log @@ -290,35 +276,19 @@ for auth in $authz; do # Doing pol check on status i=1 while [ "$validation" = 'pending' ]; do - i=0 - while true; do - echo "[$(date)] : ----------------------- Doing pol check on status, counter \$i=$i -----------------------" >> /usr/local/vesta/log/letsencrypt.log - payload='{}' - echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log - answer=$(query_le_v2 "$url" "$payload" "$nonce") - echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log - url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") - echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log - validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") - echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log - nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') - echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log - status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') - echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log - if [[ $(echo "$answer" | grep 'addressesResolved') != "" ]]; then - break - fi - if [ "$wildcard" = 'yes' ]; then - if [[ $(echo "$answer" | grep '"status": "valid"') != "" ]]; then - break - fi - fi - i=$((i + 1)) - if ((i > 30)); then - break - fi - sleep 2 - done + echo "[$(date)] : - Doing pol check on status" >> /usr/local/vesta/log/letsencrypt.log + payload='{}' + echo "[$(date)] : query_le_v2 \"$url\" \"$payload\" \"$nonce\"" >> /usr/local/vesta/log/letsencrypt.log + answer=$(query_le_v2 "$url" "$payload" "$nonce") + echo "[$(date)] : answer=$answer" >> /usr/local/vesta/log/letsencrypt.log + url2=$(echo "$answer" |grep -A3 $proto |grep url |cut -f 4 -d \") + echo "[$(date)] : url2=$url2" >> /usr/local/vesta/log/letsencrypt.log + validation=$(echo "$answer"|grep -A1 $proto |tail -n1|cut -f4 -d \") + echo "[$(date)] : validation=$validation" >> /usr/local/vesta/log/letsencrypt.log + nonce=$(echo "$answer" |grep -i nonce |cut -f2 -d \ |tr -d '\r\n') + echo "[$(date)] : nonce=$nonce" >> /usr/local/vesta/log/letsencrypt.log + status=$(echo "$answer"|grep HTTP/ |tail -n1 |cut -f 2 -d ' ') + echo "[$(date)] : status=$status" >> /usr/local/vesta/log/letsencrypt.log if [[ "$status" -ne 200 ]]; then echo "[$(date)] : EXIT=Let's Encrypt validation status $status" >> /usr/local/vesta/log/letsencrypt.log check_result $E_CONNECT "Let's Encrypt validation status $status" diff --git a/bin/v-add-srs-support-to-exim b/bin/v-add-srs-support-to-exim deleted file mode 100644 index 4b7789ea..00000000 --- a/bin/v-add-srs-support-to-exim +++ /dev/null @@ -1,77 +0,0 @@ -#!/bin/bash - -gen_pass() { - MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - if [ -z "$1" ]; then - LENGTH=32 - else - LENGTH=$1 - fi - while [ ${n:=1} -le $LENGTH ]; do - PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" - let n+=1 - done - echo "$PASS" -} - -eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') -if (( $(echo "$eximversion < 4.96" | bc -l) )); then - echo "= ERROR: Exim SRS support requires Exim 4.96 or higher." - echo "You have Exim $eximversion" - exit 1; -fi - -echo "=== Addind SRS support to Exim4 ===" -# SRS support is taken from HestiaCP - -if [ ! -f "/etc/exim4/srs.conf" ]; then - echo "= Generating SRS KEY" - srs=$(gen_pass 16) - echo $srs > /etc/exim4/srs.conf - chmod 640 /etc/exim4/srs.conf - chown root:Debian-exim /etc/exim4/srs.conf -fi - -if [ ! -f "/etc/exim4/exim4.conf.template.backup-without-srs" ]; then - echo "= Backing up /etc/exim4/exim4.conf.template" - cp /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template.backup-without-srs -fi - -if ! /usr/local/vesta/bin/v-grep 'SRS_SECRET = ' '/etc/exim4/exim4.conf.template' '-q'; then - echo "= Adding: SRS_SECRET = readfile /etc/exim4/srs.conf" - v-sed 'smtputf8_advertise_hosts =' 'smtputf8_advertise_hosts =\n\nSRS_SECRET = ${readfile{/etc/exim4/srs.conf}}' '/etc/exim4/exim4.conf.template' -fi - -if ! /usr/local/vesta/bin/v-grep 'if outbound, and forwarding has been done, use an alternate transport' '/etc/exim4/exim4.conf.template' '-q'; then - echo "= Patching \"dnslookup:\" block" - /usr/local/vesta/bin/v-php-func "replace_in_file_once_between_including_borders" "/etc/exim4/exim4.conf.template" 'dnslookup:' ' no_more' 'dnslookup:\n driver = dnslookup\n # if outbound, and forwarding has been done, use an alternate transport\n domains = ! +local_domains\n transport = ${if eq {$local_part@$domain} \\n {$original_local_part@$original_domain} \\n {remote_smtp} {remote_forwarded_smtp}}\n no_more' -fi - -if ! /usr/local/vesta/bin/v-grep 'inbound_srs:' '/etc/exim4/exim4.conf.template' '-q'; then - echo "= Adding \"inbound_srs\" and \"inbound_srs_failure\" blocks" - v-sed 'aliases:' 'inbound_srs:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which are converted to SRS, and decode them\n condition = ${if inbound_srs {$local_part} {SRS_SECRET}}\n data = $srs_recipient\n\ninbound_srs_failure:\n driver = redirect\n senders = :\n domains = +local_domains\n # detect inbound bounces which look converted to SRS but are invalid\n condition = ${if inbound_srs {$local_part} {}}\n allow_fail\n data = :fail: Invalid SRS recipient address\n\naliases:' '/etc/exim4/exim4.conf.template' -fi - -if ! /usr/local/vesta/bin/v-grep 'remote_forwarded_smtp:' '/etc/exim4/exim4.conf.template' '-q'; then - echo "= Adding \"remote_forwarded_smtp:\" block" - v-sed 'procmail:\n driver = pipe' 'remote_forwarded_smtp:\n driver = smtp\n dkim_domain = DKIM_DOMAIN\n dkim_selector = mail\n dkim_private_key = DKIM_PRIVATE_KEY\n dkim_canon = relaxed\n dkim_strict = 0\n hosts_try_fastopen = \n hosts_try_chunking = !93.188.3.0/24\n message_linelength_limit = 1G\n # modify the envelope from, for mails that we forward\n max_rcpt = 1\n return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}\n\nprocmail:\n driver = pipe' '/etc/exim4/exim4.conf.template' -fi - -touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour -touch /etc/exim4/limit_per_email_account_max_recipients -touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour -touch /etc/exim4/limit_per_hosting_account_max_recipients - -echo "= Restarting exim4 service" -systemctl restart exim4 - -if [ $? -ne 0 ]; then - systemctl status exim4 - cp /etc/exim4/exim4.conf.template.backup-without-srs /etc/exim4/exim4.conf.template - systemctl restart exim4 - echo "=== Patching failed, old exim conf returned, exim4 restarted again." - exit 1 -fi -echo "=== SRS support was added successfully. ===" - -exit 0 diff --git a/bin/v-add-user-package b/bin/v-add-user-package index e9fe210a..0cab1a3d 100755 --- a/bin/v-add-user-package +++ b/bin/v-add-user-package @@ -28,7 +28,7 @@ is_package_new() { } is_package_consistent() { - parse_object_kv_list_non_eval $(cat $pkg_dir/$package.pkg) + source $pkg_dir/$package.pkg if [ "$WEB_DOMAINS" != 'unlimited' ]; then is_int_format_valid $WEB_DOMAINS 'WEB_DOMAINS' fi @@ -63,9 +63,6 @@ is_package_consistent() { is_int_format_valid $BACKUPS 'BACKUPS' fi is_format_valid_shell $SHELL - is_web_template_valid $WEB_TEMPLATE - is_dns_template_valid $DNS_TEMPLATE - is_proxy_template_valid $PROXY_TEMPLATE } diff --git a/bin/v-add-wordpress-admin b/bin/v-add-wordpress-admin deleted file mode 100644 index 60778fb2..00000000 --- a/bin/v-add-wordpress-admin +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash -# info: Add a WordPress admin user to a specific domain -# options: DOMAIN USERNAME PASSWORD EMAIL - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -if [ "$#" -lt 4 ]; then - echo "Usage: v-add-wordpress-admin [DOMAIN] [USERNAME] [PASSWORD] [EMAIL]" - exit 1 -fi - -# Importing system environment -source /etc/profile - -SILENT_MODE=1 - -# Argument definition -domain=$1 -username=$2 -password=$3 -email=$4 - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '4' "$#" 'DOMAIN USERNAME PASSWORD EMAIL' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - echo "User doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain doesn't exist"; - exit 1; -fi - -if [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo 'Please install WordPress first.' - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -/usr/local/vesta/bin/v-run-wp-cli $domain user create $username $email --role=administrator --user_pass="$password" --skip-plugins --skip-themes; - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit 0; diff --git a/bin/v-backup-user b/bin/v-backup-user index f6629c9e..0db5d376 100755 --- a/bin/v-backup-user +++ b/bin/v-backup-user @@ -22,9 +22,6 @@ source $VESTA/func/domain.sh source $VESTA/func/db.sh source $VESTA/conf/vesta.conf -if [ ! -z "$NOW" ]; then - BACKUP_LA_LIMIT=50 -fi #----------------------------------------------------------# # Verifications # diff --git a/bin/v-backup-user-now b/bin/v-backup-user-now deleted file mode 100644 index 10eecd87..00000000 --- a/bin/v-backup-user-now +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash - -export ALLOW_BACKUP_ANYTIME='yes' -export NOW='yes' - -nice -n 19 ionice -c 3 /usr/local/vesta/bin/v-backup-user $1 diff --git a/bin/v-backup-users b/bin/v-backup-users index 05550ded..16a93d6d 100755 --- a/bin/v-backup-users +++ b/bin/v-backup-users @@ -37,7 +37,7 @@ fi log=$VESTA/log/backup.log -# $BIN/v-check-vesta-license >/dev/null +$BIN/v-check-vesta-license >/dev/null touch $log if [ ! -z "$NOTIFY_ADMIN_FULL_BACKUP" ]; then diff --git a/bin/v-blacklist-email-account b/bin/v-blacklist-email-account deleted file mode 100644 index 59ec9cf8..00000000 --- a/bin/v-blacklist-email-account +++ /dev/null @@ -1,102 +0,0 @@ -#!/bin/bash -# info: Add a specific email address to exim4 and spamassassin blacklist -# usage: v-blacklist-email-account EMAIL - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Determine Debian version and set SpamAssassin service name -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 12 ]; then - SPAMD_SERVICE="spamassassin.service" -else - SPAMD_SERVICE="spamd.service" -fi - -DENY_SENDERS_FILE="/etc/exim4/deny_senders" -SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" - -# Flags to track changes -SPAMASSASSIN_CHANGED=false - -# Function to check if an entry already exists in a file -check_entry_exists() { - local entry=$1 - local file=$2 - grep -qF "$entry" "$file" -} - -# Function to add an entry to a file -add_entry_to_file() { - local entry=$1 - local file=$2 - echo "$entry" >> "$file" -} - -# Display usage if no arguments are provided -if [ $# -lt 1 ]; then - echo "Usage: v-blacklist-email EMAIL" - exit 1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -EMAIL=$1 - -# Validate email format -if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then - echo "Invalid email address format." - exit 1 -fi - -# Prepare entries for Exim4 and SpamAssassin -EXIM_ENTRY="$EMAIL" -SPAMASSASSIN_ENTRY="blacklist_from $EMAIL" - -#----------------------------------------------------------# -# Exim4 Blacklist # -#----------------------------------------------------------# - -echo "Updating $DENY_SENDERS_FILE..." -if ! check_entry_exists "$EXIM_ENTRY" "$DENY_SENDERS_FILE"; then - add_entry_to_file "$EXIM_ENTRY" "$DENY_SENDERS_FILE" - echo "Added $EXIM_ENTRY to $DENY_SENDERS_FILE." -else - echo "$EXIM_ENTRY already exists in $DENY_SENDERS_FILE." -fi - -#----------------------------------------------------------# -# SpamAssassin Blacklist # -#----------------------------------------------------------# - -echo "Updating $SPAMASSASSIN_FILE..." -if ! check_entry_exists "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE"; then - add_entry_to_file "$SPAMASSASSIN_ENTRY" "$SPAMASSASSIN_FILE" - echo "Added $SPAMASSASSIN_ENTRY to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true -else - echo "$SPAMASSASSIN_ENTRY already exists in $SPAMASSASSIN_FILE." -fi - -if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then - systemctl restart "$SPAMD_SERVICE" - echo "SpamAssassin service ($SPAMD_SERVICE) restarted." -fi - -#----------------------------------------------------------# -# Done # -#----------------------------------------------------------# - -exit 0 diff --git a/bin/v-blacklist-email-domain b/bin/v-blacklist-email-domain deleted file mode 100644 index a72a17a9..00000000 --- a/bin/v-blacklist-email-domain +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash -# info: Add a domain to exim4 and spamassassin blacklist -# usage: v-blacklist-email-domain DOMAIN SUBDOMAIN(YES/NO) - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Determine Debian version and set SpamAssassin service name -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 12 ]; then - SPAMD_SERVICE="spamassassin.service" -else - SPAMD_SERVICE="spamd.service" -fi - -DENY_SENDERS_FILE="/etc/exim4/deny_senders" -SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" - -# Flags to track changes -SPAMASSASSIN_CHANGED=false - -# Function to check if a domain already exists in a file -check_domain_exists() { - local domain=$1 - local file=$2 - grep -qE "^${domain}$" "$file" -} - -# Function to check if a SpamAssassin entry already exists -check_spamassassin_exists() { - local entry=$1 - local file=$2 - grep -qF "$entry" "$file" -} - -# Function to add domain to file -add_domain_to_file() { - local domain=$1 - local file=$2 - echo "$domain" >> "$file" -} - -# Display usage if no arguments are provided -if [ $# -lt 2 ]; then - echo "Usage: v-blacklist-domain DOMAIN SUBDOMAIN(YES/NO)" - exit 1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -DOMAIN=$1 -SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) - -# Validate SUBDOMAIN parameter -if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then - echo "Invalid parameter for SUBDOMAIN. Use YES or NO." - exit 1 -fi - -# Prepare entries for Exim4 -EXIM_ENTRY_MAIN="$DOMAIN" -EXIM_ENTRY_SUB="*.$DOMAIN" - -# Prepare entries for SpamAssassin -SPAMASSASSIN_ENTRY_MAIN="blacklist_from *@${DOMAIN}" -SPAMASSASSIN_ENTRY_SUB="blacklist_from *.$DOMAIN" - -#----------------------------------------------------------# -# Exim4 Blacklist # -#----------------------------------------------------------# - -echo "Updating $DENY_SENDERS_FILE..." -if ! check_domain_exists "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE"; then - add_domain_to_file "$EXIM_ENTRY_MAIN" "$DENY_SENDERS_FILE" - echo "Added $EXIM_ENTRY_MAIN to $DENY_SENDERS_FILE." -else - echo "$EXIM_ENTRY_MAIN already exists in $DENY_SENDERS_FILE." -fi - -if [ "$SUBDOMAIN" == "YES" ]; then - if ! check_domain_exists "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE"; then - add_domain_to_file "$EXIM_ENTRY_SUB" "$DENY_SENDERS_FILE" - echo "Added $EXIM_ENTRY_SUB to $DENY_SENDERS_FILE." - else - echo "$EXIM_ENTRY_SUB already exists in $DENY_SENDERS_FILE." - fi -fi - -#----------------------------------------------------------# -# SpamAssassin Blacklist # -#----------------------------------------------------------# - -echo "Updating $SPAMASSASSIN_FILE..." -if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then - add_domain_to_file "$SPAMASSASSIN_ENTRY_MAIN" "$SPAMASSASSIN_FILE" - echo "Added $SPAMASSASSIN_ENTRY_MAIN to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true -else - echo "$SPAMASSASSIN_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." -fi - -if [ "$SUBDOMAIN" == "YES" ]; then - if ! check_spamassassin_exists "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then - add_domain_to_file "$SPAMASSASSIN_ENTRY_SUB" "$SPAMASSASSIN_FILE" - echo "Added $SPAMASSASSIN_ENTRY_SUB to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true - else - echo "$SPAMASSASSIN_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." - fi -fi - -if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then - systemctl restart "$SPAMD_SERVICE" - echo "SpamAssassin service ($SPAMD_SERVICE) restarted." -fi - -#----------------------------------------------------------# -# Done # -#----------------------------------------------------------# - -exit 0 diff --git a/bin/v-change-database-password-for-all-wordpress b/bin/v-change-database-password-for-all-wordpress deleted file mode 100644 index 1a364307..00000000 --- a/bin/v-change-database-password-for-all-wordpress +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/bash -# info: change db password to all wordpress databases -# options: -# -# The command is used for changing db password to all wordpress databases on the server. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Importing system variables -source /etc/profile - -# Includes -source $VESTA/func/main.sh - -only_user=''; -if [ ! -z "$1" ]; then - only_user=$1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -touch /root/remember-db-user-pass.txt - -for user in $(grep '@' /etc/passwd |cut -f1 -d:); do - if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then - continue; - fi - - if [ ! -z "$only_user" ]; then - if [ "$only_user" != "$user" ]; then - continue; - fi - fi - - for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do - if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - /usr/local/vesta/bin/v-change-database-password-for-wordpress $domain $user - echo "--------------------------------" - fi - done - - if [ ! -z "$only_user" ]; then - break; - fi - -done - -# cat /root/remember-db-user-pass.txt -if [ -f "/root/remember-db-user-pass.txt" ]; then - rm /root/remember-db-user-pass.txt -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-change-database-password-for-wordpress b/bin/v-change-database-password-for-wordpress deleted file mode 100644 index 7f31b181..00000000 --- a/bin/v-change-database-password-for-wordpress +++ /dev/null @@ -1,132 +0,0 @@ -#!/bin/bash -# info: change database password for wordpress -# options: -# -# The command is used for changing database password for wordpress. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Argument definition -domain=$1 - -# Check if number of arguments is 2 -if [ $# -eq 2 ]; then - user=$2 -else - user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -fi -USER=$user - -if [ -z "$user" ]; then - echo "ERROR: Domain $domain not found" - exit 1; -fi - -if [ ! -d "/home/$user" ]; then - echo "ERROR: User $user doesn't exist"; - exit 1; -fi - -# Includes -source /usr/local/vesta/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "ERROR: Domain doesn't exist"; - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -if [ -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo "=== Domain: $domain" - wp_config_path="/home/$user/web/$domain/public_html/wp-config.php" - if grep -q $'\r' $wp_config_path; then - echo "=== removing CRLF from wp-config.php" - tr -d '\r' < $wp_config_path > /tmp/wp-config.php && mv /tmp/wp-config.php $wp_config_path - chown $user:$user $wp_config_path - fi - db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*'\K[^']+") - db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*'\K[^']+") - if [ -z "$db_name" ]; then - db_name=$(grep "DB_NAME" $wp_config_path | grep -oP "define\s*\(\s*'DB_NAME'\s*,\s*\"\K[^\"]+") - fi - if [ -z "$db_user" ]; then - db_user=$(grep "DB_USER" $wp_config_path | grep -oP "define\s*\(\s*'DB_USER'\s*,\s*\"\K[^\"]+") - fi - new_password='' - found_existing_password=0 - if [ -f "/root/remember-db-user-pass.txt" ]; then - db_user_pass=$(grep "$db_user:" /root/remember-db-user-pass.txt) - if [ -n "$db_user_pass" ]; then - new_password=$(echo "$db_user_pass" | cut -d':' -f2) - echo "= Using existing password for $db_user" - found_existing_password=1 - fi - fi - - if [ -z "$new_password" ]; then - new_password=$(generate_password) - fi - - echo "DB name: $db_name" - echo "DB user: $db_user" - echo "New DB password: $new_password" - if [ $found_existing_password -eq 0 ]; then - touch /root/remember-db-user-pass.txt - echo "$db_user:$new_password" >> /root/remember-db-user-pass.txt - chown root:root /root/remember-db-user-pass.txt - chmod 600 /root/remember-db-user-pass.txt - fi - /usr/local/vesta/bin/v-change-database-password "$user" "$db_name" "$new_password" - if [ $? -ne 0 ]; then - echo "*************** ERROR: Failed to change database password ***************" - exit 1; - fi - line="define('DB_PASSWORD', '$new_password');" - chattr -i $wp_config_path - sed -i "s/.*define(.*DB_PASSWORD'.*/$line/" $wp_config_path - new_password_line=$(grep "DB_PASSWORD" $wp_config_path) - echo "New DB password line: $new_password_line" - if [ "$new_password_line" != "$line" ]; then - echo "*************** ERROR: line in wp-config.php is not what we expected ***************" - echo "Expected: $line" - echo "Actual : $new_password_line" - echo "*************** ERROR: Please check wp-config.php manually ***************" - exit 1; - fi -else - echo "ERROR: WP-config.php not found" - exit 1; -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit 0; diff --git a/bin/v-change-dir-www b/bin/v-change-dir-www deleted file mode 100644 index 1f230099..00000000 --- a/bin/v-change-dir-www +++ /dev/null @@ -1,71 +0,0 @@ -#!/bin/bash -# info: Change directory to the public_html folder of a domain -# usage: source v-cd-www DOMAIN - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then - echo "This script must be sourced to change the current directory." - echo "Usage: source v-cd-www DOMAIN" - exit 1 -fi - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - return 1 -fi - -# Importing system environment -source /etc/profile -PATH=$PATH:/usr/local/vesta/bin && export PATH - -SILENT_MODE=1 - -# Argument definition -domain=$1 - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) - -if [ -z "$user" ]; then - echo "Domain $domain doesn't exist" - return 1 -fi - -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - echo "User $user doesn't exist" - return 1 -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Domain $domain doesn't have a public_html directory" - return 1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -cd "/home/$user/web/$domain/public_html" - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -return 0 diff --git a/bin/v-change-domain-owner b/bin/v-change-domain-owner index ed5fa5a4..09ae9bcc 100755 --- a/bin/v-change-domain-owner +++ b/bin/v-change-domain-owner @@ -82,10 +82,6 @@ if [ ! -z "$web_data" ]; then # Move data mv $HOMEDIR/$owner/web/$domain $HOMEDIR/$user/web/ - if [ -d "/hdd/home/$owner/web/$domain" ]; then - $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/web/$domain /hdd/home/$user/web/$domain - fi - # Change ownership find $HOMEDIR/$user/web/$domain -user $owner \ -exec chown -h $user:$user {} \; @@ -156,10 +152,6 @@ if [ ! -z "$mail_data" ]; then # Move data mv $HOMEDIR/$owner/mail/$domain $HOMEDIR/$user/mail/ - if [ -d "/hdd/home/$owner/mail/$domain" ]; then - $BIN/v-move-folder-and-make-symlink /hdd/home/$owner/mail/$domain /hdd/home/$user/mail/$domain - fi - # Change ownership find $HOMEDIR/$user/mail/$domain -user $owner \ -exec chown -h $user {} \; diff --git a/bin/v-change-firewall-rule b/bin/v-change-firewall-rule index aad2ec38..d2502bce 100755 --- a/bin/v-change-firewall-rule +++ b/bin/v-change-firewall-rule @@ -62,8 +62,6 @@ str="RULE='$rule' ACTION='$action' PROTOCOL='$protocol' PORT='$port_ext'" str="$str IP='$ip' COMMENT='$comment' SUSPENDED='no'" str="$str TIME='$time' DATE='$date'" -oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) - # Deleting old rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf @@ -76,14 +74,6 @@ sort_fw_rules # Updating system firewall $BIN/v-update-firewall -if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then - if [ "$port_ext" == "80,443" ] && [ "$action" == "DROP" ]; then - NEWIP=$ip - parse_object_kv_list_non_eval "$oldvalues" - sed -i "s|$IP|$NEWIP|g" /etc/nginx/conf.d/block-firewall.conf - systemctl restart nginx - fi -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-change-user-package b/bin/v-change-user-package index 1e088bcc..d0de98db 100755 --- a/bin/v-change-user-package +++ b/bin/v-change-user-package @@ -16,7 +16,6 @@ force=$3 # Includes source $VESTA/func/main.sh -source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf is_package_avalable() { @@ -24,7 +23,7 @@ is_package_avalable() { usr_data=$(cat $USER_DATA/user.conf) IFS=$'\n' for key in $usr_data; do - parse_object_kv_list_non_eval $key + eval ${key%%=*}=${key#*=} done WEB_DOMAINS='0' @@ -36,7 +35,7 @@ is_package_avalable() { pkg_data=$(cat $VESTA/data/packages/$package.pkg |grep -v TIME |\ grep -v DATE) - parse_object_kv_list_non_eval $pkg_data + eval $pkg_data # Checking usage agains package limits if [ "$WEB_DOMAINS" != 'unlimited' ]; then @@ -74,15 +73,11 @@ is_package_avalable() { check_result $E_LIMIT "Package doesn't cover BANDWIDTH usage" fi fi - - is_web_template_valid $WEB_TEMPLATE - is_dns_template_valid $DNS_TEMPLATE - is_proxy_template_valid $PROXY_TEMPLATE } change_user_package() { - parse_object_kv_list_non_eval $(cat $USER_DATA/user.conf) - parse_object_kv_list_non_eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") + eval $(cat $USER_DATA/user.conf) + eval $(cat $VESTA/data/packages/$package.pkg |egrep -v "TIME|DATE") echo "FNAME='$FNAME' LNAME='$LNAME' PACKAGE='$package' diff --git a/bin/v-change-wordpress-admin-passwords b/bin/v-change-wordpress-admin-passwords deleted file mode 100644 index bca23ad8..00000000 --- a/bin/v-change-wordpress-admin-passwords +++ /dev/null @@ -1,201 +0,0 @@ -#!/bin/bash -# info: interactively delete or change WordPress admin passwords for a given domain -# options: DOMAIN -# -# d → delete user (with content reassignment) -# c → change password (random 10-char alnum) -# s → skip -# x → exit - -#----------------------------------------------------------# -# Variable & Function # -#----------------------------------------------------------# - -[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } -source /etc/profile - -DOMAIN="$1" -[ -z "$DOMAIN" ] && { echo "Usage: v-change-wp-admins-pass DOMAIN"; exit 1; } - -USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" -[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } - -WP_PATH="/home/$USER/web/$DOMAIN/public_html" -[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } - -# WP-CLI wrapper -if [ ! -z "$PHP" ]; then - WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" -else - WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" -fi - -# random 10-char password -gen_pass() { tr -dc 'A-Za-z0-9' > /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - chown $USER:$USER /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - chmod 600 /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - else - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - echo "Failed to change password for $TARGET." - fi - break - ;; - [Ss]* ) - echo "Skipping $TARGET." - break - ;; - [Xx]* ) - echo "Exiting." - exit 0 - ;; - * ) echo "Please answer d, c, s, or x." ;; - esac - done -done <<< "$ADMIN_LIST_CSV" - -if [ -f /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ]; then - echo "" - echo "" - echo "-------------------------------------" - echo "For website $DOMAIN - new wp-admin passwords have been set." - echo "-------------------------------------" - cat /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - echo "-------------------------------------" - echo "" - echo "" - read -r -p "Do you want to save the new passwords to a file /home/$USER/web/$DOMAIN/wp-admin-password-change.txt ? (y/n, default: n) " SAVE_PASSWORDS < /dev/tty - if [ -z "$SAVE_PASSWORDS" ]; then - SAVE_PASSWORDS="n" - fi - if [[ $SAVE_PASSWORDS =~ ^[Nn]$ ]]; then - rm /home/$USER/web/$DOMAIN/wp-admin-password-change.txt - fi -fi - -#----------------------------------------------------------# -# flush cache and refresh all security salts # -#----------------------------------------------------------# - -echo "-------------------------------------" -echo -echo "Flushing cache and refreshing salts..." - -RUN="$WP_RUN cache flush" -eval "$RUN" -RUN="$WP_RUN config shuffle-salts WP_CACHE_KEY_SALT --force" -eval "$RUN" -RUN="$WP_RUN config shuffle-salts" -eval "$RUN" - -echo "Cache flushed and salts refreshed." - -echo -echo "Done." - -exit 0 diff --git a/bin/v-clean-garbage b/bin/v-clean-garbage index 11e29122..80d7f165 100644 --- a/bin/v-clean-garbage +++ b/bin/v-clean-garbage @@ -14,10 +14,6 @@ if [ "$whoami" != "root" ]; then exit 1 fi -echo "===== Before cleaning =====" -df -h -echo "===========================" - # Includes source /usr/local/vesta/func/main.sh @@ -69,8 +65,6 @@ clean_home() { find $1/*/web/*/public_html/wp-content/wpvividbackups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/updraft/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/wp-content/plugins/ezpz-one-click-backup/backups/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 - find $1/*/web/*/public_html/wp-content/backups-dup-lite/ -type f -not -name ".htaccess" -not -name "index.php" -not -name "index.html" -not -name "web.config" -delete > /dev/null 2>&1 - find $1/*/web/*/public_html/wp-content/cache/ -type f -not -name ".htaccess" -delete > /dev/null 2>&1 find $1/*/web/*/public_html/ -type f -name "*.wpress" -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/tmp/ -type f -mtime +1 -delete > /dev/null 2>&1 nice -n 19 ionice -c 3 find $1/*/web/*/public_html/ -type f -name "error_log" -exec truncate -s 0 {} \; @@ -90,13 +84,6 @@ if [ $fail2ban_running -eq 1 ]; then fi if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then rm /var/lib/fail2ban/fail2ban.sqlite3 - if [ -f "/etc/nginx/conf.d/block.conf" ]; then - truncate -s 0 /etc/nginx/conf.d/block.conf - nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') - if [ $nginx_running -eq 1 ]; then - systemctl restart nginx - fi - fi fi if [ $fail2ban_running -eq 1 ]; then systemctl start fail2ban @@ -110,23 +97,11 @@ if [ -f "/usr/local/bin/tailf_exim.php" ]; then nohup php /usr/local/bin/tailf_exim.php > /var/log/tailf_exim.log 2>&1 & fi -exim_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'exim') -if [ $exim_installed -gt 0 ]; then - systemctl restart exim4 -fi - - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# -echo "" -echo "***** Garbage cleaned *****" -echo "" -echo "===== After cleaning ======" -df -h -echo "===========================" - +echo "=== Garbage cleaned ===" log_event "$OK" "$ARGUMENTS" diff --git a/bin/v-clear-fail2ban b/bin/v-clear-fail2ban deleted file mode 100644 index ab3ab30c..00000000 --- a/bin/v-clear-fail2ban +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/bash -# info: Clean fail2ban database -# options: NONE -# -# The function is cleaning fail2ban database - -#----------------------------------------------------------# -# Verifications & Variable & Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# check if fail2ban is installed -fail2ban_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'fail2ban') -if [ $fail2ban_installed -eq 0 ]; then - echo "Fail2ban is not installed" - exit 1 -fi - -# Includes -source /usr/local/vesta/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Cleaning fail2ban database -fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') -if [ $fail2ban_running -eq 1 ]; then - echo "== Stopping fail2ban" - systemctl stop fail2ban -fi -if [ -f "/var/lib/fail2ban/fail2ban.sqlite3" ]; then - echo "== Cleaning fail2ban database" - rm /var/lib/fail2ban/fail2ban.sqlite3 - if [ -f "/etc/nginx/conf.d/block.conf" ]; then - echo "== Cleaning nginx block.conf" - truncate -s 0 /etc/nginx/conf.d/block.conf - nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') - if [ $nginx_running -eq 1 ]; then - echo "== Restarting nginx" - systemctl restart nginx - fi - fi -fi -if [ $fail2ban_running -eq 1 ]; then - echo "== Starting fail2ban" - systemctl start fail2ban -fi - -echo "== Done, fail2ban database cleaned" - -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-clone-website b/bin/v-clone-website index 9bebbffd..46623db4 100644 --- a/bin/v-clone-website +++ b/bin/v-clone-website @@ -20,7 +20,6 @@ if [ $# -lt 2 ]; then echo "--TO_DATABASE_USERNAME=..." echo "--TO_DATABASE_PASSWORD=..." echo "--SITE_SUBFOLDER=..." - echo "--EXCLUDE_UPLOADS=1 (or do not set it)" exit 1 fi @@ -264,6 +263,12 @@ if [ $IT_IS_WP -eq 0 ]; then cd /root git clone https://github.com/interconnectit/Search-Replace-DB.git fi +else + if [ ! -f "/usr/local/bin/wp" ]; then + echo "=== Downloading latest wp-cli" + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp + fi fi CREATE_TO_DATABASE=0 @@ -308,7 +313,6 @@ echo "FROM_DOMAIN_PROXY_TPL = $FROM_DOMAIN_PROXY_TPL" echo "FROM_DOMAIN_PROXY_EXT = $FROM_DOMAIN_PROXY_EXT" echo "SEARCH_FOR_CONFIGS_DATABASE_NAME = $SEARCH_FOR_CONFIGS_DATABASE_NAME" echo "SEARCH_FOR_CONFIGS_DATABASE_USERNAME = $SEARCH_FOR_CONFIGS_DATABASE_USERNAME" -echo "EXCLUDE_UPLOADS = $EXCLUDE_UPLOADS" echo "===============================================================================" read -p "=== Press Enter to continue ===" @@ -366,25 +370,17 @@ if [ -d "/root/temp" ]; then fi mkdir -p /root/temp cd /root/temp -mysqldump --max_allowed_packet=1024M $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql +mysqldump $FROM_DATABASE_NAME > $FROM_DATABASE_NAME.sql echo "=== Importing to database $TO_DATABASE_NAME" mysql $TO_DATABASE_NAME < $FROM_DATABASE_NAME.sql -rm $FROM_DATABASE_NAME.sql - -EXCLUDE='' -if [ ! -z "$EXCLUDE_UPLOADS" ]; then - EXCLUDE="--exclude '/wp-content/uploads/*'" -fi echo "=== Copying files from $FROM_FOLDER to folder $TO_FOLDER" if [ "$SITE_SUBFOLDER" != ".." ]; then - run="rsync -a --delete $EXCLUDE $FROM_FOLDER/ $TO_FOLDER/" - echo "====== Executing: $run" - eval $run + echo "====== Executing: rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/" + rsync -a --delete $FROM_FOLDER/ $TO_FOLDER/ else - run="rsync -a --delete $EXCLUDE --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" - echo "====== Executing: $run" - eval $run + echo "====== Executing: rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/" + rsync -a --delete --exclude 'logs/*' $FROM_FOLDER/ $TO_FOLDER/ fi echo "=== Chowning to $TO_USER:$TO_USER in folder $TO_FOLDER" chown -R $TO_USER:$TO_USER $TO_FOLDER @@ -423,35 +419,16 @@ if [ $IT_IS_WP -eq 0 ]; then php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$TO_DATABASE_NAME" -u "$TO_DATABASE_USERNAME" -p "$TO_DATABASE_PASSWORD" -s "/home/$FROM_USER/" -r "/home/$TO_USER/" fi else + cd $TO_FOLDER echo "=== Replacing $FROM_DOMAIN to $TO_DOMAIN in database $TO_DATABASE_NAME" - /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; + sudo -H -u$TO_USER wp search-replace "$FROM_DOMAIN" "$TO_DOMAIN" --precise --all-tables --skip-columns=guid if [ "$FROM_USER" != "$TO_USER" ]; then echo "=== Replacing /home/$FROM_USER/ to /home/$TO_USER/ in database $TO_DATABASE_NAME" - /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; - fi - /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN cache flush --skip-plugins --skip-themes; - /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts WP_CACHE_KEY_SALT --force --skip-plugins --skip-themes; - /usr/local/vesta/bin/v-run-wp-cli $TO_DOMAIN config shuffle-salts --skip-plugins --skip-themes; -fi - -# ----------- Update Wordfence WAF Path ------------- - -# Path to .user.ini file in the new domain directory -user_ini="/home/$TO_USER/web/$TO_DOMAIN/public_html/.user.ini" - -# Check if .user.ini exists -if [ -f "$user_ini" ]; then - echo "Updating .user.ini with new path..." - - # Change path from old domain to new domain - sed -i "s|/home/.*/public_html|/home/$TO_USER/web/$TO_DOMAIN/public_html|g" $user_ini - - # Check if replacement was successful and update .user.ini - if [ $? -eq 0 ]; then - echo ".user.ini updated successfully." - else - echo "Failed to update .user.ini file." + sudo -H -u$TO_USER wp search-replace "/home/$FROM_USER/" "/home/$TO_USER/" --precise --all-tables --skip-columns=guid fi + sudo -H -u$TO_USER wp cache flush + sudo -H -u$TO_USER wp config shuffle-salts WP_CACHE_KEY_SALT --force + sudo -H -u$TO_USER wp config shuffle-salts fi echo "===== DONE ====" diff --git a/bin/v-commander b/bin/v-commander index a7fbf454..073c6d72 100644 --- a/bin/v-commander +++ b/bin/v-commander @@ -13,14 +13,11 @@ fi source /etc/profile PATH=$PATH:/usr/local/vesta/bin && export PATH -if [ $SHOWHEADER -eq 1 ]; then - echo "======================= mvVesta-commander ================================" -fi +echo "======================= mvVesta-commander ================================" if [ -f /root/kernelupdate ]; then rm /root/kernelupdate fi -apt_updated=0 apt_upgraded=0 quit_on_empty=0 @@ -63,38 +60,34 @@ check_status() { myhelp() { echo "---------- Press: -----------" - echo "a = Activate Email rate limit" - echo "b = bash" - echo "c = check status" - echo "d = df -h" - echo "e = make sure Apache is in mpm_event" - echo "f = free -h" + echo "u = apt-get update" echo "g = apt-get upgrade" - echo "h = help" + echo "c = check status" + echo "e = make sure Apache is in mpm_event" + echo "s = download sury.org apt-get key" echo "m = install php-memcached" echo "p = set version of php as default" - echo "q = quit" - echo "r = reboot" - echo "s = download sury.org apt-get key" - echo "n = download nginx gpg key" - echo "freexian = add Freexian repository" - echo "t = clean the trash" - echo "u = apt-get update" echo "v = update myVesta" echo "vo = update myVesta without 'apt-get update'" + echo "t = clean the trash" echo "w = w" + echo "d = df -h" + echo "f = free -h" + echo "b = bash" + echo "r = reboot" + echo "q = quit" + echo "h = help" echo "-----------------------------" - echo "inst v = install myVesta" - echo "inst p = install multi-php" - echo "inst pgw = install php-gate" - echo "inst r = install new Roundcube" - echo "inst memcached = install memcached" - echo "inst redis = install Redis" - echo "inst nginx-rate-limit = install nginx-rate-limit templates" + echo "inst v = install myVesta" + echo "inst p = install multi-php" + echo "inst pgw = install php-gate" + echo "inst r = install new Roundcube" + echo "inst memcached = install memcached" + echo "inst redis = install Redis" echo "dis fb = stop and disable fail2ban" echo "dis dove = stop and disable dovecot" - echo "dis spam = stop and disable spamassassin" - echo "dis clam = stop and disable ClamAV" + echo "dis spam = stop and disable spam" + echo "dis clam = stop and disable clamav" echo "p 7.0 = set default php 7.0" echo "p 7.3 = set default php 7.3" echo "p 7.4 = set default php 7.4" @@ -103,38 +96,20 @@ myhelp() { echo "m def = install php-memcached if needed" echo "check fc = check if FreshClam is up" echo "-----------------------------" - echo "enable-ssh-root-password-login = Allow root password authentication via SSH" - echo "id_rsa = generate id_rsa and id_rsa.pub if it does not exist and show id_rsa.pub" + echo "enable-ssh-root-password-login = Allow root password authentication via SSH and set the root password to match the password for the admin account" echo "-----------------------------" } -apt_update() { - echo "=============================" - echo "== running: apt-get update" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) - if [ "$release" -lt 10 ]; then - apt-get update - else - apt-get update --allow-releaseinfo-change - fi - apt_updated=1 -} - COUNTER=0 -HAS_PARAMETERS=0 while true do COUNTER=$((COUNTER + 1)) if [ $COUNTER -le $numargs ]; then - HAS_PARAMETERS=1 answer=$1 shift else - if [ $HAS_PARAMETERS -eq 1 ]; then - exit; - fi read -p 'What to do: ' answer fi @@ -151,42 +126,17 @@ do if [ "$answer" = 'quit-on-empty' ]; then echo "== the script will quit on next enter" quit_on_empty=1 - HAS_PARAMETERS=0 fi - - if [ "$answer" = 'a' ] || [ "$answer" = 'A' ]; then - mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup - cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template - - touch /etc/exim4/limit_per_email_account_max_sent_emails_per_hour - touch /etc/exim4/limit_per_email_account_max_recipients - touch /etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour - touch /etc/exim4/limit_per_hosting_account_max_recipients - - check_grep=$(grep -c '#SPAMASSASSIN' /etc/exim4/exim4.conf.template-backup) - if [ "$check_grep" -eq 0 ]; then - sed -i "s|#SPAMASSASSIN|SPAMASSASSIN|g" /etc/exim4/exim4.conf.template - fi - - check_grep=$(grep -c '#SPAM_SCORE' /etc/exim4/exim4.conf.template-backup) - if [ "$check_grep" -eq 0 ]; then - sed -i "s|#SPAM_SCORE|SPAM_SCORE|g" /etc/exim4/exim4.conf.template - fi - - check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template-backup) - if [ "$check_grep" -eq 0 ]; then - sed -i "s|#CLAMD|CLAMD|g" /etc/exim4/exim4.conf.template - fi - - systemctl restart exim4 - echo "Email rate limit activated." - fi - - - if [ "$answer" = 'u' ] || [ "$answer" = 'U' ]; then - apt_update + echo "=============================" + echo "== running: apt-get update" + release=$(cat /etc/debian_version | tr "." "\n" | head -n1) + if [ "$release" -lt 10 ]; then + apt-get update + else + apt-get update --allow-releaseinfo-change + fi fi if [ "$answer" = 'g' ] || [ "$answer" = 'G' ]; then @@ -203,10 +153,11 @@ do apt_upgraded=1 kernelupdate=$(grep -c 'linux-image-' /var/log/apt/history.log) - dbusupdate=$(grep -c ' dbus:a' /var/log/apt/history.log) - if [ $kernelupdate -gt 0 ] || [ $dbusupdate -gt 0 ] || [ -f "/run/reboot-required" ] || [ -f "/var/run/reboot-required" ]; then + if [ $kernelupdate -gt 0 ]; then touch /root/kernelupdate - echo "== kernel is updated, reboot is required!" + echo "== kernel is updated" + else + echo "== kernel is not updated" fi fi @@ -222,33 +173,6 @@ do fi fi - if [ "$answer" = 'n' ] || [ "$answer" = 'N' ]; then - if [ -f "/etc/apt/sources.list.d/nginx.list" ]; then - echo "=============================" - echo "== renewing nginx gpg key" - apt-get update - apt-get -y install curl gnupg2 ca-certificates lsb-release debian-archive-keyring - curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null - echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list - fi - fi - - if [ "$answer" = 'freexian' ] || [ "$answer" = 'FREEXIAN' ]; then - if [ "$release" -lt 11 ]; then - echo "=============================" - echo "== adding Freexian repository" - apt-get update - apt-get install lsb-release - wget https://deb.freexian.com/extended-lts/pool/main/f/freexian-archive-keyring/freexian-archive-keyring_2022.06.08_all.deb && sudo dpkg -i freexian-archive-keyring_2022.06.08_all.deb - cat /etc/apt/sources.list - mv /etc/apt/sources.list /etc/apt/sources.list.old - echo "deb http://deb.freexian.com/extended-lts `lsb_release -cs` main contrib non-free" > /etc/apt/sources.list - rm /etc/apt/sources.list.d/hetzner* - else - echo "== Freexian is not supported on Debian 11 or higher" - fi - fi - if [ "$answer" = 'e def' ] || [ "$answer" = 'E DEF' ]; then release=$(cat /etc/debian_version | tr "." "\n" | head -n1) echo "=============================" @@ -307,9 +231,6 @@ do systemctl stop clamav-daemon.service systemctl disable clamav-daemon.service - systemctl stop clamav-daemon.socket - systemctl disable clamav-daemon.socket - systemctl stop clamav-freshclam.service systemctl disable clamav-freshclam.service @@ -320,7 +241,6 @@ do if [ "$answer" = 'dis spam' ] || [ "$answer" = 'DIS SPAM' ]; then echo "=============================" echo "== disabling SpamAssassin" - release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then systemctl stop spamassassin.service systemctl disable spamassassin.service @@ -504,8 +424,8 @@ do memory=$(grep 'MemTotal' /proc/meminfo |tr ' ' '\n' |grep [0-9]) apt-get update apt-get -y install memcached - apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") - apt-get -y install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") + apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcache ") + apt-get install $(systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | cut -c1-6 | xargs -n 1 printf "%s-memcached ") if [ $memory -lt 15000000 ]; then sed -i "s/-m 64/-m 256/" /etc/memcached.conf else @@ -526,7 +446,6 @@ do sed -i "s|^supervised no|supervised systemd|g" /etc/redis/redis.conf sed -i "s|^save |# save |g" /etc/redis/redis.conf - sed -i 's|^# save ""|save ""|g' /etc/redis/redis.conf if [ $memory -lt 15000000 ]; then sed -i "s|^# maxmemory .*|maxmemory 256m|g" /etc/redis/redis.conf else @@ -539,15 +458,6 @@ do echo "-------------------" fi - if [ "$answer" = 'inst nginx-rate-limit' ] || [ "$answer" = 'INST NGINX-RATE-LIMIT' ]; then - echo "=============================" - echo "== Installing inst nginx-rate-limit templates" - curl -O https://c.myvestacp.com/tools/rate-limit-tpl/install_rate_limit_tpl.sh - bash install_rate_limit_tpl.sh - echo "== nginx-rate-limit templates installed." - echo "-------------------" - fi - if [ "$answer" = 'check fc' ] || [ "$answer" = 'CHECK FC' ]; then echo "== Checking if FreshClam is up" clamavup=$(/usr/local/vesta/bin/v-list-sys-services | grep 'clamav-daemon' | grep -c 'running') @@ -566,13 +476,21 @@ do echo "--- New settings ---" grep '^PermitRoot' /etc/ssh/sshd_config echo "--------------------" + adminline=$(grep '^admin:' /etc/shadow) + adminline=${adminline:6} + adminline="root:$adminline" + sed -i "s#^root:.*#$adminline#" /etc/shadow + echo "root password is now the same as admin password." + echo "--------------------" + grep '^root:' /etc/shadow + grep '^admin:' /etc/shadow + echo "--------------------" echo "Port 22 opened in Firewall for all IP addresses." /usr/local/vesta/bin/v-unsuspend-firewall-rule "11" echo "--------------------" - echo "Type 'passwd' in the terminal to set the root password." - echo "--------------------" fi + if [ "$answer" = 'r' ] || [ "$answer" = 'R' ]; then echo "=============================" echo "== Rebooting the server" @@ -622,13 +540,4 @@ do /root/install-new-roundcube.sh fi - if [ "$answer" = 'id_rsa' ] || [ "$answer" = 'ID_RSA' ]; then - if [ ! -f "/root/.ssh/id_rsa.pub" ]; then - ssh-keygen -q -t rsa -N '' -C "$HOSTNAME" -b 4096 -f /root/.ssh/id_rsa 2>/dev/null <<< y >/dev/null - fi - echo "=== YOUR id_rsa.pub IS BELOW ===" - cat /root/.ssh/id_rsa.pub - echo "======" - fi - done diff --git a/bin/v-delete-database-of-domain b/bin/v-delete-database-of-domain deleted file mode 100644 index 30fd18c0..00000000 --- a/bin/v-delete-database-of-domain +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -# info: delete database if domain has database -# options: DOMAIN -# -# The function for deleting database if domain has database - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Argument definition -domain=$1 - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -RET=$OK - -# echo "=================================" -r=$(/usr/local/vesta/bin/v-get-database-credentials-of-domain $domain) -# echo $r -eval $r -# echo "=================================" - -if [ ! -z "$DATABASE_NAME" ]; then - echo "=== v-delete-database $USER $DATABASE_NAME" - /usr/local/vesta/bin/v-delete-database $USER $DATABASE_NAME - if [ $? -ne 0 ]; then - echo "=== v-delete-database failed" - RET=$E_NOTEXIST - fi -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -log_event "$RET" "$ARGUMENTS" - -exit diff --git a/bin/v-delete-domain b/bin/v-delete-domain index 1ca3373b..b6294679 100755 --- a/bin/v-delete-domain +++ b/bin/v-delete-domain @@ -37,10 +37,9 @@ is_object_unsuspended 'user' 'USER' "$user" if [ ! -z "$WEB_SYSTEM" ]; then str=$(grep "DOMAIN='$domain'" $USER_DATA/web.conf) if [ ! -z "$str" ]; then - $BIN/v-delete-database-of-domain $domain domain_found='yes' $BIN/v-delete-web-domain $user $domain 'no' - check_result $? "can't delete web" > /dev/null + check_result $? "can't suspend web" > /dev/null fi fi @@ -50,7 +49,7 @@ if [ ! -z "$DNS_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-dns-domain $user $domain 'no' - check_result $? "can't delete dns" > /dev/null + check_result $? "can't suspend dns" > /dev/null fi fi @@ -60,7 +59,7 @@ if [ ! -z "$MAIL_SYSTEM" ]; then if [ ! -z "$str" ]; then domain_found='yes' $BIN/v-delete-mail-domain $user $domain - check_result $? "can't delete mail" > /dev/null + check_result $? "can't suspend mail" > /dev/null fi fi diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban index cb5b352c..52f3403d 100755 --- a/bin/v-delete-firewall-ban +++ b/bin/v-delete-firewall-ban @@ -53,11 +53,6 @@ $iptables -D fail2ban-$chain $b 2>/dev/null # Changing permissions chmod 660 $conf -# nginx deny rules conf -if [ "$chain" = "WEB" ] && [ -f "/etc/nginx/conf.d/block.conf" ]; then - sed -i "/deny $ip;/d" /etc/nginx/conf.d/block.conf - systemctl reload nginx -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-firewall-rule b/bin/v-delete-firewall-rule index 10fd0fb9..8f646644 100755 --- a/bin/v-delete-firewall-rule +++ b/bin/v-delete-firewall-rule @@ -34,21 +34,12 @@ is_object_valid '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# -oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) - # Deleting rule sed -i "/RULE='$rule' /d" $VESTA/data/firewall/rules.conf # Updating system firewall $BIN/v-update-firewall -if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then - parse_object_kv_list_non_eval "$oldvalues" - if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf - systemctl restart nginx - fi -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-delete-inactive-wordpress-plugins-and-themes b/bin/v-delete-inactive-wordpress-plugins-and-themes deleted file mode 100644 index e9b1715c..00000000 --- a/bin/v-delete-inactive-wordpress-plugins-and-themes +++ /dev/null @@ -1,165 +0,0 @@ -#!/bin/bash -# info: delete inactive WordPress plugins and themes -# options: DOMAIN - -#----------------------------------------------------------# -# Variable & Function # -#----------------------------------------------------------# - -[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } -source /etc/profile - -DOMAIN="$1" -[ -z "$DOMAIN" ] && { echo "Usage: v-delete-inactive-wordpress-plugins-and-themes DOMAIN"; exit 1; } - -USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" -[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } - -WP_PATH="/home/$USER/web/$DOMAIN/public_html" -[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } - -# WP-CLI wrapper -if [ ! -z "$PHP" ]; then - WP_RUN="PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" -else - WP_RUN="/usr/local/vesta/bin/v-run-wp-cli $DOMAIN --skip-plugins --skip-themes" -fi - -quarantined=0; - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -cd "$WP_PATH" || exit 1 -echo "Inactive WordPress plugins for $DOMAIN:" -echo "-------------------------------------" - -RUN="$WP_RUN plugin list --format=csv --skip-plugins --skip-themes" -PLUGINS_LIST_CSV=$(eval "$RUN") -return_code=$? - -if [ $return_code -ne 0 ]; then - echo "WP-CLI error:" - echo "return code: $return_code" - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - exit $return_code -fi - -PLUGINS_LIST_CSV=$(echo "$PLUGINS_LIST_CSV" | tail -n +2) - -DEACTIVATED_PLUGINS_LIST_CSV="" - -if [ ! -z "$PLUGINS_LIST_CSV" ]; then - printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" - while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do - if [ "$STATUS" = "inactive" ]; then - printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" - DEACTIVATED_PLUGINS_LIST_CSV="$DEACTIVATED_PLUGINS_LIST_CSV\n$NAME" - fi - done <<< "$PLUGINS_LIST_CSV" -else - echo "No plugins found." -fi - -if [ ! -z "$DEACTIVATED_PLUGINS_LIST_CSV" ]; then - echo "" - read -r -p "Do you want to move inactive plugins to quarantine? (y/n, default: y): " RESPONSE < /dev/tty - if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then - while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do - if [ "$STATUS" = "inactive" ]; then - folder="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME" - file="/home/$USER/web/$DOMAIN/public_html/wp-content/plugins/$NAME.php" - if [ -d "$folder" ] || [ -f "$file" ]; then - destination_base_folder="/srv/wp-deactivated-plugins/$DOMAIN" - if [ -d "$folder" ]; then - source_path="$folder" - destination_path="$destination_base_folder/$NAME" - elif [ -f "$file" ]; then - source_path="$file" - destination_path="$destination_base_folder/$NAME.php" - fi - mkdir -p $destination_base_folder - chown $USER:$USER $destination_base_folder - mv $source_path $destination_path - if [ -d "$destination_path" ]; then - echo "= Folder $source_path moved to $destination_path" - quarantined=1; - fi - if [ -f "$destination_path" ]; then - echo "= File $source_path moved to $destination_path" - quarantined=1; - fi - else - echo "=== ERROR: Folder $folder or file $file not found - it does not exist?" - fi - fi - done <<< "$PLUGINS_LIST_CSV" - fi -fi - -echo "" -echo "Inactive WordPress themes for $DOMAIN:" -echo "-------------------------------------" - -RUN="$WP_RUN theme list --format=csv --skip-plugins --skip-themes" -THEMES_LIST_CSV=$(eval "$RUN") -return_code=$? - -if [ $return_code -ne 0 ]; then - echo "WP-CLI error:" - echo "return code: $return_code" - cat /home/$USER/web/$DOMAIN/wp-cli-error.log - exit $return_code -fi - -THEMES_LIST_CSV=$(echo "$THEMES_LIST_CSV" | tail -n +2) - -DEACTIVATED_THEMES_LIST_CSV="" - -if [ ! -z "$THEMES_LIST_CSV" ]; then - printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "name" "status" "update" "version" "update_version" "auto_update" - while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do - if [ "$STATUS" = "inactive" ]; then - printf "%-30s %-20s %-20s %-20s %-20s %-20s\n" "$NAME" "$STATUS" "$UPDATE" "$VERSION" "$UPDATE_VERSION" "$AUTO_UPDATE" - DEACTIVATED_THEMES_LIST_CSV="$DEACTIVATED_THEMES_LIST_CSV\n$NAME" - fi - done <<< "$THEMES_LIST_CSV" -else - echo "No themes found." -fi - -if [ ! -z "$DEACTIVATED_THEMES_LIST_CSV" ]; then - echo "" - read -r -p "Do you want to move inactive themes to quarantine? (y/n, default: y): " RESPONSE < /dev/tty - if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then - while IFS=',' read -r NAME STATUS UPDATE VERSION UPDATE_VERSION AUTO_UPDATE; do - if [ "$STATUS" = "inactive" ]; then - folder="/home/$USER/web/$DOMAIN/public_html/wp-content/themes/$NAME" - if [ -d "$folder" ]; then - destination_base_folder="/srv/wp-deactivated-themes/$DOMAIN" - source_path="$folder" - destination_path="$destination_base_folder/$NAME" - mkdir -p $destination_base_folder - chown $USER:$USER $destination_base_folder - mv $source_path $destination_path - if [ -d "$destination_path" ]; then - echo "= Folder $source_path moved to $destination_path" - quarantined=1; - fi - else - echo "=== ERROR: Folder $folder not found - it does not exist?" - fi - fi - done <<< "$THEMES_LIST_CSV" - fi -fi - -echo "" -if [ $quarantined -eq 1 ]; then - echo "= All deactivated plugins and themes moved to quarantine." - echo "= You can find them in /srv/wp-deactivated-plugins/$DOMAIN and /srv/wp-deactivated-themes/$DOMAIN" -else - echo "= No deactivated plugins or themes found." -fi -exit 0; diff --git a/bin/v-delete-mail-domain b/bin/v-delete-mail-domain index 9be565bb..ee727aa9 100755 --- a/bin/v-delete-mail-domain +++ b/bin/v-delete-mail-domain @@ -51,9 +51,6 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then rm -f /etc/$MAIL_SYSTEM/domains/$domain_idn rm -rf $HOMEDIR/$user/conf/mail/$domain rm -rf $HOMEDIR/$user/mail/$domain_idn - if [ -d "/hdd/home/$user/mail/$domain_idn" ]; then - rm -rf /hdd/home/$user/mail/$domain_idn - fi fi # Deleting dkim dns record diff --git a/bin/v-delete-mail-domain-dkim b/bin/v-delete-mail-domain-dkim index 7cfbab58..f11e48d4 100755 --- a/bin/v-delete-mail-domain-dkim +++ b/bin/v-delete-mail-domain-dkim @@ -48,7 +48,7 @@ fi # Deleting dns record if [ ! -z "$DNS_SYSTEM" ] && [ -e "$USER_DATA/dns/$domain.conf" ]; then records=$($BIN/v-list-dns-records $user $domain plain) - dkim_records=$(echo "$records" |grep -w '_domainkey' | awk '{print $1}') + dkim_records=$(echo "$records" |grep -w '_domainkey' | cut -f 1 -d ' ') for id in $dkim_records; do $BIN/v-delete-dns-record $user $domain $id done diff --git a/bin/v-delete-mails b/bin/v-delete-mails deleted file mode 100644 index 24ac68e5..00000000 --- a/bin/v-delete-mails +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -# info: delete old emails (by mtime) for user/domain/account, with optional scope -# usage: v-delete-mails USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE -# SCOPE: all – clean every Maildir folder (cur, new, tmp, custom subfolders) -# trash – clean only Trash/Junk/Spam folders - -# load Vesta functions & config -source "$VESTA/func/main.sh" -source "$VESTA/conf/vesta.conf" - -# read arguments -user="$1" -domain="$2" -account="$3" -mtime="$4" -scope="$5" - -# verify argument count -check_args '5' "$#" 'USER DOMAIN ACCOUNT MTIME_DAYS|all SCOPE' - -# validate scope -if [[ "$scope" != "all" && "$scope" != "trash" ]]; then - echo "ERROR: SCOPE must be 'all' or 'trash'." - exit 1 -fi - -# validate logical combinations -if [[ "$user" == "all" ]]; then - if [[ "$domain" != "all" || "$account" != "all" ]]; then - echo "ERROR: When USER is 'all', both DOMAIN and ACCOUNT must be 'all'." - exit 1 - fi -elif [[ "$domain" == "all" && "$account" != "all" ]]; then - echo "ERROR: When DOMAIN is 'all', ACCOUNT must also be 'all'." - exit 1 -fi - -# build a detailed summary for the warning -declare -a summary_parts -if [[ "$user" == "all" ]]; then - summary_parts+=("all users") -else - summary_parts+=("user '$user'") -fi - -if [[ "$domain" == "all" ]]; then - summary_parts+=("all domains") -else - summary_parts+=("domain '$domain'") -fi - -if [[ "$account" == "all" ]]; then - summary_parts+=("all accounts") -else - summary_parts+=("account '$account'") -fi - -# join with commas -summary=$(printf ", %s" "${summary_parts[@]}") -summary=${summary:2} - -# only warn if any of them is 'all' or if mtime is 'all' -if [[ "$mtime" == "all" || "$user" == "all" || "$domain" == "all" || "$account" == "all" ]]; then - echo "WARNING: This will delete emails older than '$mtime' days for ${summary}." - read -p "Are you sure? (yes/no): " confirm - [[ "$confirm" != "yes" ]] && { echo "Aborted."; exit 1; } -fi - -# function to delete emails -delete_emails() { - local u="$1" d="$2" a="$3" - local maildir="/home/$u/mail/$d/$a" - - [[ ! -d "$maildir" ]] && return - - echo "→ Cleaning '$a@$d' (user: $u), scope: $scope, mtime: $mtime" - - # build find predicates - if [[ "$scope" == "all" ]]; then - folder_expr=( -path "*/cur/*" -o -path "*/new/*" -o -path "*/tmp/*" ) - else - folder_expr=( -ipath "*/trash/*" -o -ipath "*/junk/*" -o -ipath "*/spam/*" ) - fi - - # assemble and run find - if [[ "$mtime" == "all" ]]; then - find "$maildir" -type f \( "${folder_expr[@]}" \) -print -delete 2>/dev/null - else - find "$maildir" -type f \( "${folder_expr[@]}" \) -mtime +"$mtime" -print -delete 2>/dev/null - fi -} - -# collect users -if [[ "$user" == "all" ]]; then - users=$(v-list-users plain | awk '{print $1}') -else - users="$user" -fi - -# iterate through users, domains, accounts -for u in $users; do - if [[ "$domain" == "all" ]]; then - domains=$(v-list-mail-domains "$u" plain | awk '{print $1}') - else - domains="$domain" - fi - - for d in $domains; do - if [[ "$account" == "all" ]]; then - accounts=$(v-list-mail-accounts "$u" "$d" plain | awk '{print $1}') - else - accounts="$account" - fi - - for a in $accounts; do - delete_emails "$u" "$d" "$a" - done - done -done - -# restart dovecot to refresh mailbox state -systemctl restart dovecot - -# log the action (status first, then message) -log_event "$OK" "Deleted emails (>$mtime days, scope=$scope) for $user $domain $account" - -exit 0 diff --git a/bin/v-delete-user b/bin/v-delete-user index cdf809eb..c452f0a0 100755 --- a/bin/v-delete-user +++ b/bin/v-delete-user @@ -94,9 +94,6 @@ fi # Deleting user directories chattr -i $HOMEDIR/$user/conf rm -rf $HOMEDIR/$user -if [ -d "/hdd/home/$user" ]; then - rm -rf /hdd/home/$user -fi rm -f /var/spool/mail/$user rm -f /var/spool/cron/$user rm -f /var/spool/cron/crontabs/$user diff --git a/bin/v-delete-web-domain b/bin/v-delete-web-domain index e64dd9a7..43362e34 100755 --- a/bin/v-delete-web-domain +++ b/bin/v-delete-web-domain @@ -130,9 +130,6 @@ rm -f /var/log/$WEB_SYSTEM/domains/$domain.error* # Deleting directory rm -rf $HOMEDIR/$user/web/$domain -if [ -d "/hdd/home/$user/web/$domain" ]; then - rm -rf /hdd/home/$user/web/$domain -fi #----------------------------------------------------------# diff --git a/bin/v-delete-wordpress-uploads-php-files b/bin/v-delete-wordpress-uploads-php-files deleted file mode 100644 index ce72c0c4..00000000 --- a/bin/v-delete-wordpress-uploads-php-files +++ /dev/null @@ -1,64 +0,0 @@ -#!/bin/bash -# info: delete PHP files from WordPress uploads folder -# options: DOMAIN - -#----------------------------------------------------------# -# Variable & Function # -#----------------------------------------------------------# - -[ "$(whoami)" != "root" ] && { echo "You must be root to run this command."; exit 1; } -source /etc/profile - -DOMAIN="$1" -[ -z "$DOMAIN" ] && { echo "Usage: v-delete-wordpress-uploads-php-files DOMAIN"; exit 1; } - -USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" -[ -z "$USER" ] && { echo "Domain $DOMAIN does not exist."; exit 1; } - -WP_PATH="/home/$USER/web/$DOMAIN/public_html" -[ ! -f "$WP_PATH/wp-config.php" ] && { echo "WordPress is not installed on this domain."; exit 1; } - -quarantined=0; - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -cd "$WP_PATH" || exit 1 - -files=$(find wp-content/uploads/ -type f -name "*.php") - -if [ -z "$files" ]; then - echo "= No PHP files found in WordPress uploads folder." - exit 0; -fi - -echo "= Found PHP files in WordPress uploads folder for domain $DOMAIN :" -echo "-------------------------------------" -echo "$files" -echo "-------------------------------------" - -read -r -p "Do you want to move these files to quarantine? (y/n, default: y): " RESPONSE < /dev/tty -if [ "$RESPONSE" == "y" ] || [ "$RESPONSE" == "Y" ] || [ -z "$RESPONSE" ]; then - for file in $files; do - source_file="/home/$USER/web/$DOMAIN/public_html/$file" - destination_file="/srv/wp-uploads-php-files-quarantine/$DOMAIN/$file" - destination_folder=$(dirname "$destination_file") - mkdir -p "$destination_folder" - chown $USER:$USER "$destination_folder" - mv "$source_file" "$destination_file" - echo "= File $source_file moved to $destination_file" - quarantined=1; - done - chown -R $USER:$USER "/srv/wp-uploads-php-files-quarantine/$DOMAIN" -fi - -echo "" -if [ $quarantined -eq 1 ]; then - echo "= All PHP files moved to quarantine." - echo "= You can find them in /srv/wp-uploads-php-files-quarantine/$DOMAIN" -else - echo "= No PHP files found in WordPress uploads folder." -fi - -exit 0; \ No newline at end of file diff --git a/bin/v-desinfect-wordpress b/bin/v-desinfect-wordpress deleted file mode 100644 index 51ee217e..00000000 --- a/bin/v-desinfect-wordpress +++ /dev/null @@ -1,86 +0,0 @@ -#!/bin/bash -# info: disinfect a WordPress site with several maintenance commands -# options: DOMAIN - -# -------------------------------------------------------- # -# variables and checks # -# -------------------------------------------------------- # - -if [ "$(whoami)" != "root" ]; then - echo "You must be root to run this command." - exit 1 -fi - -# make sure all Vesta helper scripts are reachable -export PATH="/usr/local/vesta/bin:$PATH" -source /etc/profile - -domain="$1" -if [ -z "$domain" ]; then - echo "Usage: v-desinfect-wp DOMAIN" - exit 1 -fi - -user=$(/usr/local/vesta/bin/v-search-domain-owner "$domain") -if [ -z "$user" ]; then - echo "Domain $domain does not exist." - exit 1 -fi - -if [ ! -f "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" ]; then - echo "= WordFence CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wordfence-cli -fi - -# absolute paths to maintenance scripts, in desired order -declare -a tasks=( - "/usr/local/vesta/bin/v-change-database-password-for-wordpress" - "/usr/local/vesta/bin/v-change-wordpress-admin-passwords" - "/usr/local/vesta/bin/v-fix-wordpress-core" - "/usr/local/vesta/bin/v-delete-inactive-wordpress-plugins-and-themes" - "/usr/local/vesta/bin/v-delete-wordpress-uploads-php-files" - "/usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" - "INTERACTIVE=1 /usr/local/vesta/bin/v-wf-malware-hyperscan-with-remediate" -) - -# -------------------------------------------------------- # -# execution strategy # -# -------------------------------------------------------- # - -echo -read -r -p "Run all maintenance steps automatically? (y/n) " run_all < /dev/tty - -if [[ "$run_all" =~ ^[Yy]$ ]]; then - echo "Running all maintenance steps for $domain" - automatic=true -else - echo - echo "Selective mode. You will be asked for each step." - automatic=false -fi - -for cmd in "${tasks[@]}"; do - if [ ! -x "$cmd" ]; then - echo "Command $cmd not found or not executable, skipping." - continue - fi - - if [ "$automatic" = false ]; then - while true; do - read -r -p "Run $(basename "$cmd") for $domain? (y/n) " yn < /dev/tty - case "$yn" in - [Yy]* ) break ;; - [Nn]* ) echo "Skipping $(basename "$cmd")."; continue 2 ;; - * ) echo "Please answer y or n." ;; - esac - done - fi - - echo - echo "=== $(basename "$cmd") $domain ===" - "$cmd" "$domain" -done - -echo -echo "Done." -exit 0 diff --git a/bin/v-df-snapshot-diff b/bin/v-df-snapshot-diff deleted file mode 100644 index ee427bd2..00000000 --- a/bin/v-df-snapshot-diff +++ /dev/null @@ -1,102 +0,0 @@ -#!/bin/bash -# info: Make a diff between two snapshots of the disk usage -# options: FILE1 FILE2 - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Let's declare three associative arrays -declare -A FILE1 -declare -A FILE2 -declare -A FILED - -file1=$1 -file2=$2 - -if [[ ! "$file1" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then - file1="/usr/local/vesta/data/df/$file1" -fi - -if [[ ! "$file2" =~ ^/usr/local/vesta/data/df/snapshot-.*\.txt$ ]]; then - file2="/usr/local/vesta/data/df/$file2" -fi - -if [ ! -f "$file1" ]; then - echo "File $file1 not found" - exit 1 -fi - -if [ ! -f "$file2" ]; then - echo "File $file2 not found" - exit 1 -fi - -timestamp=$(date +%Y-%m-%d-%H-%M-%S) -mkdir -p /usr/local/vesta/data/df-diff -file0="/usr/local/vesta/data/df-diff/diff-$timestamp.txt" -file0s="/usr/local/vesta/data/df-diff/diff-size-sorted-$timestamp.txt" -file0f="/usr/local/vesta/data/df-diff/diff-folder-sorted-$timestamp.txt" -touch $file0 - -# Let's load the first file and fill the array FILE1 -while IFS=$'\t' read SIZE DIRECTORY; do - # Skip blank lines or lines that are not in the correct format - [[ -z "$DIRECTORY" ]] && continue - [[ "$DIRECTORY" = "total" ]] && continue - # Insert values into the array - FILE1["$DIRECTORY"]="$SIZE" -done < "$file1" - -# Let's load the second file and fill the array FILE2 -while IFS=$'\t' read SIZE DIRECTORY; do - # Skip blank lines or lines that are not in the correct format - [[ -z "$DIRECTORY" ]] && continue - [[ "$DIRECTORY" = "total" ]] && continue - # Insert values into the array - FILE2["$DIRECTORY"]="$SIZE" -done < "$file2" - -# We iterate through FILE1 and look for the matching key in FILE2 -for k in "${!FILE1[@]}"; do - if [[ -v FILE2["$k"] ]]; then - # If there is the same folder (KEY) in FILE2 - DIFF=$(( ${FILE2[$k]} - ${FILE1[$k]} )) - FILED["$k"]=$DIFF - echo -e "${DIFF}\t${k}" >> $file0 - else - # If the folder (KEY) is not found in FILE2 - FILED["$k"]=${FILE1["$k"]} - echo -e "${FILE1["$k"]}\t${k}" >> $file0 - fi -done - -# sorted by size -sort -nr -k1,1 $file0 > $file0s - -# sorted by folders -while IFS=$'\t' read SIZE DIRECTORY; do - [[ -z "$DIRECTORY" ]] && continue - [[ "$DIRECTORY" = "total" ]] && continue - echo -e "$DIRECTORY\t${FILED["$DIRECTORY"]}" >> $file0f -done < "$file2" - -chmod 600 $file0 $file0s $file0f -chown root:root $file0 $file0s $file0f - -echo "Done." -echo "You can do:" -echo "mcview $file0" -echo "mcview $file0s" -echo "mcview $file0f" -echo "--------------------------------" -echo "Here is the first 30 lines of the diff, sorted by size (descending, in MB):" -head -n 30 $file0s -echo "--------------------------------" -echo "Here is the first 30 lines of the diff, sorted by folders (in MB):" -head -n 30 $file0f -echo "--------------------------------" - -exit 0 diff --git a/bin/v-df-snapshot-logs-cleaner b/bin/v-df-snapshot-logs-cleaner deleted file mode 100644 index 63275034..00000000 --- a/bin/v-df-snapshot-logs-cleaner +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# info: Clean up old snapshots of the disk usage -# options: NONE - -folder="/usr/local/vesta/data/df" -mkdir -p $folder -find $folder -type f -mtime +30 -delete - -folder="/usr/local/vesta/data/df-diff" -mkdir -p $folder -find $folder -type f -mtime +30 -delete diff --git a/bin/v-df-snapshot-make b/bin/v-df-snapshot-make deleted file mode 100644 index 985aab15..00000000 --- a/bin/v-df-snapshot-make +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -# info: Make a snapshot of the disk usage -# options: NONE - -folder="/usr/local/vesta/data/df" - -mkdir -p $folder -timestamp=$(date +%Y-%m-%d-%H-%M-%S) - -du --max-depth=1 -m -x / > $folder/snapshot-$timestamp.txt - -du --max-depth=6 -m -x /home > $folder/snapshot-temp.txt -for i in {2..7}; do - while IFS= read -r line; do - count=0 - for (( j=0; j<${#line}; j++ )); do - if [[ ${line:j:1} == "/" ]]; then - ((count++)) - fi - done - if [ $count -eq $i ]; then - printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt - fi - done < $folder/snapshot-temp.txt -done -rm $folder/snapshot-temp.txt - -if [ -d "/hdd" ]; then - du --max-depth=7 -m -x /hdd > $folder/snapshot-temp.txt - for i in {1..8}; do - while IFS= read -r line; do - count=0 - for (( j=0; j<${#line}; j++ )); do - if [[ ${line:j:1} == "/" ]]; then - ((count++)) - fi - done - if [ $count -eq $i ]; then - printf '%s\n' "$line" >> $folder/snapshot-$timestamp.txt - fi - done < $folder/snapshot-temp.txt - done - rm $folder/snapshot-temp.txt -fi - -du --max-depth=1 -m -x /var/lib/mysql >> $folder/snapshot-$timestamp.txt -du --max-depth=1 -m -x /var/log >> $folder/snapshot-$timestamp.txt - -chmod 600 $folder/snapshot-$timestamp.txt -chown root:root $folder/snapshot-$timestamp.txt - -exit 0 diff --git a/bin/v-edit-domain-php-ini b/bin/v-edit-domain-php-ini deleted file mode 100644 index 9eadfcee..00000000 --- a/bin/v-edit-domain-php-ini +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash -# info: Edit php.ini for certain domain -# options: DOMAIN - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -SILENT_MODE=1 - -# Argument definition -domain=$1 - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - # echo "User doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - # echo "Domain doesn't exist"; - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -fpm_ver=$(/usr/local/vesta/bin/v-get-php-version-of-domain $domain) - -if [ -z "$fpm_ver" ]; then - echo "PHP version for domain $domain could not be determined." - exit 1 -fi - -config_file="/etc/php/${fpm_ver}/fpm/pool.d/${domain}.conf" - -if command -v mcedit >/dev/null; then - mcedit "$config_file" -else - nano "$config_file" -fi - -echo "Restarting PHP-FPM service for PHP version ${fpm_ver}" -systemctl restart php${fpm_ver}-fpm -if [ $? -ne 0 ]; then - systemctl status php${fpm_ver}-fpm - echo "=========================" - echo "" - echo "ERROR: php${fpm_ver}-fpm restart failed - please re-run the command and fix the problem !!!" - echo "" - exit $E_RESTART; -else - echo "The PHP-FPM service for PHP version ${fpm_ver} has been restarted successfully." -fi -echo "" - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit 0; diff --git a/bin/v-edit-php-ini b/bin/v-edit-php-ini deleted file mode 100644 index 0155e6bb..00000000 --- a/bin/v-edit-php-ini +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -# info: Edit php.ini for a specific PHP version - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Includes -source $VESTA/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# List available PHP versions and store them into an array -mapfile -t php_versions < <(/usr/local/vesta/bin/v-list-php) - -echo "Available PHP versions:" -PS3="Please select the PHP version you want to edit php.ini for: " - -select php_version in "${php_versions[@]}"; do - if [[ -n $php_version ]]; then - break - else - echo "Invalid choice. Please try again." - fi -done - -# Define path to the php.ini file -php_ini_path="/etc/php/${php_version}/fpm/php.ini" - -# Check if php.ini exists for the selected version -if [[ ! -f "$php_ini_path" ]]; then - echo "The php.ini file for the selected PHP version ($php_version) does not exist." - exit 1 -fi - -# Determine the text editor to use -if command -v mcedit >/dev/null 2>&1; then - editor_cmd="mcedit" -elif command -v nano >/dev/null 2>&1; then - editor_cmd="nano" -else - echo "No supported text editor found. Please install 'mcedit' or 'nano'." - exit 1 -fi - -# Open php.ini for the chosen PHP version in the selected editor -echo "Opening $php_ini_path in editor $editor_cmd..." -$editor_cmd "$php_ini_path" - -# Restart the PHP-FPM service for the selected version -echo "Restarting the PHP-FPM service for PHP version $php_version..." -systemctl restart php${php_version}-fpm -if [ $? -ne 0 ]; then - systemctl status php${php_version}-fpm - echo "=========================" - echo "" - echo "ERROR: php${php_version}-fpm restart failed - please re-run the command and fix the problem !!!" - echo "" - exit $E_RESTART; -else - echo "The PHP-FPM service for PHP version ${php_version} has been restarted successfully." -fi - -#----------------------------------------------------------# -# Exit # -#----------------------------------------------------------# - -exit 0; diff --git a/bin/v-fix-php-ini-disable-functions b/bin/v-fix-php-ini-disable-functions deleted file mode 100644 index 3bce868f..00000000 --- a/bin/v-fix-php-ini-disable-functions +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/bash - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1; -fi - -if [ -f "/tmp/patched" ]; then rm /tmp/patched; fi; - -echo "=== Fixing php.ini files to have the correct disable_functions line" - -export NOTFOUNDVAL="exec,system,passthru,shell_exec" -export LINEBEGINSWITH="disable_functions =" -export NEWVAL="disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" - -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Fixing existing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|^$LINEBEGINSWITH.*|$NEWVAL|g" $arg; fi; done' _ - -export NOTFOUNDVAL2="^$LINEBEGINSWITH" -export REMOVELINETHATCONTAINS=$LINEBEGINSWITH - -find /etc/php/*/fpm/ -type f -name "php.ini" -exec grep -L "$NOTFOUNDVAL2" {} \; | xargs sh -c 'found=0; for arg do if [ ! -f "$arg.disable_patching" ]; then if [ $found -eq 0 ]; then echo "== Adding missing lines"; found=1; touch /tmp/patched; fi; echo "= Patching $arg"; sed -i "s|.*$REMOVELINETHATCONTAINS.*||g" $arg; echo "$NEWVAL" >> $arg; fi; done' _ - -if [ -f "/tmp/patched" ]; then - rm /tmp/patched - - echo "== Restarting all PHP-FPM services" - systemctl --full --type service --all | grep "php...-fpm" | sed 's#●##g' | awk '{print $1}' | xargs systemctl restart - - echo "=== Everything done." -else - echo "=== Everything is already correct." -fi - -exit 0; diff --git a/bin/v-fix-user-permissions b/bin/v-fix-user-permissions index 47690477..ae798992 100644 --- a/bin/v-fix-user-permissions +++ b/bin/v-fix-user-permissions @@ -44,15 +44,14 @@ find /home/$user/mail/*/ -type d -exec chmod u+rwx {} \; find /home/$user/mail/*/ -type d -exec chmod g+rwx {} \; find /home/$user/mail/*/ -type f -exec chmod u+rw {} \; find /home/$user/mail/*/ -type f -exec chmod g+rw {} \; -find /home/$user/mail/*/ -maxdepth 1 -type d -exec chmod g-rwx {} \; + find /home/$user/conf/dns/ -type f -exec chown root:bind {} \; find /home/$user/conf/ -type d -exec chown root:root {} \; -for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do - /usr/local/vesta/bin/v-fix-website-permissions $domain $user - echo "--------------------------------" -done +find /home/$user/web/*/public_html/ -type d -exec chmod 755 {} + +find /home/$user/web/*/public_html/ -type f -exec chmod 644 {} + +find /home/$user/web/*/public_html/ -exec chown $user:$user {} \; echo "Done, permissions fixed for user: $user" diff --git a/bin/v-fix-website-permissions b/bin/v-fix-website-permissions deleted file mode 100644 index 50b143c8..00000000 --- a/bin/v-fix-website-permissions +++ /dev/null @@ -1,161 +0,0 @@ -#!/bin/bash -# info: Fixing chown and chmod permissions for a website -# options: DOMAIN [USER] - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Argument definition -domain=$1 - -# Check if number of arguments is 2 -if [ $# -eq 2 ]; then - user=$2 -else - user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -fi -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/conf/vesta.conf - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - echo "Error: Folder /home/$user doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Going to domain directory -cd /home/$USER/web/$domain - -# Ownership check -if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then - owner=$(stat -c '%U' "public_html/index.php") - if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then - echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" - exit 1 - fi -fi - -echo "Updating permissions and ownership for /home/$USER/web/$domain/" - -php_chmod_allowed=1 -if [ -f "/home/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/web/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi - -# === General files and directories permissions === -if [ "$php_chmod_allowed" -eq 1 ]; then - # New way of fixing permissions - # Fixing permissions - find public_html/ -type d ! -perm 755 -exec chmod 755 {} + - find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -perm 644 -exec chmod 644 {} + - - # Fixing ownership - find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + - find public_html/ -type f ! \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + -else - # Old way of fixing permissions - # Fixing permissions - find public_html/ -type d ! -perm 755 -exec chmod 755 {} + - find public_html/ -type f ! -perm 644 -exec chmod 644 {} + - - # Fixing ownership - find public_html/ -type d ! -user $USER -exec chown $USER:$USER {} + - find public_html/ -type f ! -user $USER -exec chown $USER:$USER {} + -fi - -# === PHP and .env permissions === -if [ "$php_chmod_allowed" -eq 1 ]; then - php_chmod="600" - - if [ "$WEB_SYSTEM" = 'nginx' ]; then - php_chmod="644" - fi - - if [ -f "/home/php_chmod" ]; then - php_chmod=$(cat /home/php_chmod) - fi - if [ -f "/home/$USER/php_chmod" ]; then - php_chmod=$(cat /home/$USER/php_chmod) - fi - if [ -f "/home/$USER/web/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/php_chmod) - fi - if [ -f "/home/$USER/web/$domain/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/$domain/php_chmod) - fi - - # Setting chmod 600 for all .php and .env files - echo "= Setting chmod $php_chmod for all .php and .env files" - # Fixing permissions - find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + - # Fixing ownership - find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + -fi - -# === Symlinks ownership === -symlink_chown_allowed=1 -if [ -f "/home/symlink_chown_disabled" ]; then - symlink_chown_allowed=0 -fi -if [ -f "/home/$USER/symlink_chown_disabled" ]; then - symlink_chown_allowed=0 -fi -if [ -f "/home/$USER/web/symlink_chown_disabled" ]; then - symlink_chown_allowed=0 -fi -if [ -f "/home/$USER/web/$domain/symlink_chown_disabled" ]; then - symlink_chown_allowed=0 -fi - -if [ "$symlink_chown_allowed" -eq 1 ]; then - find -type l ! -user $USER -exec chown -h $USER:$USER {} + -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# -echo "Permissions for $domain have been successfully updated." - -exit 0 diff --git a/bin/v-fix-website-permissions-for-all-websites b/bin/v-fix-website-permissions-for-all-websites deleted file mode 100644 index 9b1501bd..00000000 --- a/bin/v-fix-website-permissions-for-all-websites +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash -# info: fix website permissions for all websites -# options: -# -# The command is used for fixing website permissions for all websites on the server. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Importing system variables -source /etc/profile - -# Includes -source $VESTA/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -for user in $(grep '@' /etc/passwd |cut -f1 -d:); do - if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then - continue; - fi - - for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do - /usr/local/vesta/bin/v-fix-website-permissions $domain $user - echo "--------------------------------" - done - -done - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-fix-website-permissions-for-all-websites-only-php b/bin/v-fix-website-permissions-for-all-websites-only-php deleted file mode 100644 index a89d2416..00000000 --- a/bin/v-fix-website-permissions-for-all-websites-only-php +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash -# info: fix website permissions for all websites -# options: -# -# The command is used for fixing website permissions for all websites on the server. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Importing system variables -source /etc/profile - -# Includes -source $VESTA/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -touch /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log -truncate -s 0 /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log - -for user in $(grep '@' /etc/passwd |cut -f1 -d:); do - if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then - continue; - fi - - for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do - /usr/local/vesta/bin/v-fix-website-permissions-only-php $domain $user >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log 2>&1 - echo "--------------------------------" >> /usr/local/vesta/log/fix-website-permissions-for-all-websites-only-php.log - done - -done - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-fix-website-permissions-only-php b/bin/v-fix-website-permissions-only-php deleted file mode 100644 index cf548e6b..00000000 --- a/bin/v-fix-website-permissions-only-php +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash -# info: Fixing PHP and .env permissions and ownership for a website -# options: DOMAIN [USER] - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Argument definition -domain=$1 - -# Check if number of arguments is 2 -if [ $# -eq 2 ]; then - user=$2 -else - user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -fi -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/conf/vesta.conf - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - echo "Error: Folder /home/$user doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "Error: Folder /home/$user/web/$domain/public_html doesn't exist"; - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Going to domain directory -cd /home/$USER/web/$domain - -# Ownership check -if [ -z "$SKIP_OWNERSHIP_CHECK" ] && [ -f "public_html/index.php" ]; then - owner=$(stat -c '%U' "public_html/index.php") - if [ "$owner" = "root" ] || [ "$owner" = "www-data" ]; then - echo "Skipping permission fix for $domain, because v-lock-wordpress is used (index.php is owned by $owner)" - exit 1 - fi -fi - -echo "Updating PHP and .env permissions and ownership for /home/$USER/web/$domain/" - -php_chmod_allowed=1 -if [ -f "/home/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/web/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi -if [ -f "/home/$USER/web/$domain/php_chmod_disabled" ]; then - php_chmod_allowed=0 -fi - -# === PHP and .env permissions === -if [ "$php_chmod_allowed" -eq 1 ]; then - php_chmod="600" - - if [ "$WEB_SYSTEM" = 'nginx' ]; then - php_chmod="644" - fi - - if [ -f "/home/php_chmod" ]; then - php_chmod=$(cat /home/php_chmod) - fi - if [ -f "/home/$USER/php_chmod" ]; then - php_chmod=$(cat /home/$USER/php_chmod) - fi - if [ -f "/home/$USER/web/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/php_chmod) - fi - if [ -f "/home/$USER/web/$domain/php_chmod" ]; then - php_chmod=$(cat /home/$USER/web/$domain/php_chmod) - fi - - # Setting chmod 600 for all .php and .env files - echo "= Setting chmod $php_chmod for all .php and .env files" - # Fixing permissions - find -type f \( -name "*.php" -o -name "*.env" \) ! -perm $php_chmod -exec chmod $php_chmod {} + - # Fixing ownership - find -type f \( -name "*.php" -o -name "*.env" \) ! -user $USER -exec chown $USER:$USER {} + -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# -echo "PHP and .env permissions and ownership for $domain have been successfully updated." - -exit 0 diff --git a/bin/v-fix-wordpress-core b/bin/v-fix-wordpress-core deleted file mode 100644 index 2bcd6c34..00000000 --- a/bin/v-fix-wordpress-core +++ /dev/null @@ -1,115 +0,0 @@ -#!/bin/bash -# info: fix compromised wp-admin and wp-includes -# options: DOMAIN [CACHE_DIR] -# -# Replaces wp-admin and wp-includes with clean copies that match -# the WordPress core version detected on the site. -# -# Example: -# v-fix-wp-core example.com -# v-fix-wp-core example.com /srv/wp-cache - -#----------------------------------------------------------# -# Variable & Function # -#----------------------------------------------------------# - -# Arguments -DOMAIN="$1" -CACHE_DIR="${2-/srv/wp-cache}" # default cache location - -QUARANTINE_DIR="/srv/wp-quarantine" - -# Includes -source $VESTA/func/main.sh -source $VESTA/conf/vesta.conf - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# -check_args '1' "$#" 'DOMAIN [CACHE_DIR]' -is_format_valid 'domain' - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -TMP_DIR="$(mktemp -d /tmp/wpfix.XXXXXX)" # temp workspace -trap 'rm -rf "$TMP_DIR"' EXIT - -# 1etermine WP version -if [ -z "$PHP" ]; then - WP_VERSION="$(/usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" -else - WP_VERSION="$(PHP=$PHP /usr/local/vesta/bin/v-run-wp-cli "$DOMAIN" core version | tr -d '[:space:]')" -fi - -check_result $? "cannot detect WP version" > /dev/null -if [ -z "$WP_VERSION" ]; then - check_result 1 "empty WP version string" -fi -echo "Detected WordPress version $WP_VERSION" - -# 2ind site owner and path -USER="$(/usr/local/vesta/bin/v-search-domain-owner "$DOMAIN")" -check_result $? "cannot find domain owner" > /dev/null -SITE_PATH="/home/$USER/web/$DOMAIN/public_html" -if [ ! -d "$SITE_PATH" ]; then - check_result 1 "site path $SITE_PATH does not exist" -fi - -# ensure cached core is present -CACHE_PATH="$CACHE_DIR/$WP_VERSION" -if [ ! -d "$CACHE_PATH/wp-admin" ] || [ ! -d "$CACHE_PATH/wp-includes" ]; then - echo "Cache for $WP_VERSION missing, downloading ZIP..." - - mkdir -p "$CACHE_PATH" - ZIP_URL="https://wordpress.org/wordpress-${WP_VERSION}.zip" - ZIP_FILE="$TMP_DIR/wp.zip" - - curl -fSL "$ZIP_URL" -o "$ZIP_FILE" - check_result $? "download failed" > /dev/null - - unzip -q "$ZIP_FILE" -d "$TMP_DIR" - check_result $? "unzip failed" > /dev/null - - mv "$TMP_DIR/wordpress/wp-admin" "$CACHE_PATH/" - mv "$TMP_DIR/wordpress/wp-includes" "$CACHE_PATH/" - cp "$TMP_DIR/wordpress"/*.php "$CACHE_PATH/" -fi - -# backup current core folders -TIMESTAMP="$(date +%Y%m%d%H%M%S)" -BACKUP_DIR="$QUARANTINE_DIR/$DOMAIN/backup-core-$TIMESTAMP" -mkdir -p "$BACKUP_DIR" -mv "$SITE_PATH/wp-admin" "$BACKUP_DIR/" -mv "$SITE_PATH/wp-includes" "$BACKUP_DIR/" - -for f in "$SITE_PATH"/*.php; do - [[ $(basename "$f") == "wp-config.php" ]] && continue - mv "$f" "$BACKUP_DIR/" -done -if [ -f "$SITE_PATH/.user.ini" ]; then - mv "$SITE_PATH/.user.ini" "$BACKUP_DIR/" -fi - -# chown -R www-data:www-data "$BACKUP_DIR" -check_result $? "backup failed" > /dev/null -echo "Old core folders moved to $BACKUP_DIR" - -# deploy clean core -rsync -a --delete "$CACHE_PATH/wp-admin/" "$SITE_PATH/wp-admin/" -rsync -a --delete "$CACHE_PATH/wp-includes/" "$SITE_PATH/wp-includes/" -check_result $? "rsync failed" > /dev/null - -for corephp in "$CACHE_PATH"/*.php; do - base=$(basename "$corephp") - [ "$base" = "wp-config.php" ] && continue - rsync -a "$corephp" "$SITE_PATH/$base" -done - -# fix permissions -SKIP_OWNERSHIP_CHECK=1 /usr/local/vesta/bin/v-fix-website-permissions $DOMAIN -# chown -R www-data:www-data "$BACKUP_DIR" - -echo "Done, core WP files, wp-admin and wp-includes replaced for $DOMAIN" -exit diff --git a/bin/v-get-dns-config b/bin/v-get-dns-config deleted file mode 100644 index d759c489..00000000 --- a/bin/v-get-dns-config +++ /dev/null @@ -1,70 +0,0 @@ -#!/bin/bash -# info: Get domain DNS config.db file content -# options: DOMAIN - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -SILENT_MODE=1 - -# Argument definition -domain=$1 - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -check_args '1' "$#" 'DOMAIN' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" - -if [ ! -d "/home/$user" ]; then - # echo "User doesn't exist"; - exit 1; -fi - -if [ ! -d "/home/$user/web/$domain/public_html" ]; then - # echo "Domain doesn't exist"; - exit 1; -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -DNS_FILE="/home/$user/conf/dns/$domain.db" - -if [ -f "$DNS_FILE" ]; then - cat "$DNS_FILE" -else - echo "DNS configuration file for $domain does not exist." - exit 1 -fi - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit 0; diff --git a/bin/v-grep b/bin/v-grep index 9ea821e5..045751a5 100644 --- a/bin/v-grep +++ b/bin/v-grep @@ -9,19 +9,13 @@ #----------------------------------------------------------# -if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then +if [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then - shift; - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" exit $? fi fi -if [ "$1" == "--stdin" ]; then - shift; - php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_grep' "$@" -else - php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" -fi +php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_grep' "$@" exit $? diff --git a/bin/v-import-cpanel-backup b/bin/v-import-cpanel-backup index 43e8c3bf..f92ae5af 100644 --- a/bin/v-import-cpanel-backup +++ b/bin/v-import-cpanel-backup @@ -157,15 +157,9 @@ for sk_dbr in $sk_db_list echo " Create and restore ${sk_dbr} " sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.create - if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.create; then - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.create - fi mysql < mysql/${sk_dbr}.create sed -i "s/utf8mb4_unicode_520_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql sed -i "s/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g" mysql/${sk_dbr}.sql - if grep -q ' enable the sandbox mode ' mysql/${sk_dbr}.sql; then - v-sed '/*!999999\- enable the sandbox mode */' '' mysql/${sk_dbr}.sql - fi mysql ${sk_dbr} < mysql/${sk_dbr}.sql else echo "Error: Cant restore database $sk_dbr alredy exists in mysql server" diff --git a/bin/v-install-unsigned-ssl b/bin/v-install-unsigned-ssl index 9ac2f188..8df023c9 100644 --- a/bin/v-install-unsigned-ssl +++ b/bin/v-install-unsigned-ssl @@ -52,9 +52,7 @@ fi # Action # #----------------------------------------------------------# -if [ -f "/home/$user/conf/web/ssl.$domain.crt" ]; then - /usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" -fi +/usr/local/vesta/bin/v-delete-web-domain-ssl "$user" "$domain" release=$(cat /etc/debian_version | tr "." "\n" | head -n1) diff --git a/bin/v-install-wordfence-cli b/bin/v-install-wordfence-cli deleted file mode 100644 index fc6ca0b5..00000000 --- a/bin/v-install-wordfence-cli +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/bash -# info: Script for installing WordFence CLI -# options: NONE - -if ! command -v git &> /dev/null; then - echo "= Git is not installed. Installing..." - apt-get update > /dev/null 2>&1 - apt-get install -y git -fi - -cd /root - -if [ ! -d "myvesta-wordfence-cli" ]; then - git clone https://github.com/isscbta/myvesta-wordfence-cli.git - cd ~/myvesta-wordfence-cli/ -else - cd ~/myvesta-wordfence-cli/ - git pull -fi - -echo "" -echo "----------------------------------------------------------------" -echo "" -echo "Which Docker container do you want to install for WordFence CLI?" -echo "1. WordFence CLI official Docker container" -echo "2. WordFence CLI Docker container maintained by myVesta" -read -r -p "Enter your choice: " choice < /dev/tty - -if [ "$choice" == "1" ]; then - bash wf-cli-install.sh -fi - -if [ "$choice" == "2" ]; then - bash wf-cli-install-our-image.sh -fi - -exit 0; diff --git a/bin/v-install-wordpress b/bin/v-install-wordpress index 25e38f3e..70f3fc7b 100644 --- a/bin/v-install-wordpress +++ b/bin/v-install-wordpress @@ -57,26 +57,17 @@ if [ -z "$database" ]; then fi fi -# Convert domain to IDN if available -if command -v idn2 >/dev/null 2>&1; then - database=$(idn2 "$database") - idn_domain=$(idn2 "$domain") -elif command -v idn >/dev/null 2>&1; then - database=$(idn "$database") - idn_domain=$(idn "$domain") -fi - if [ -z "$email" ]; then - email="info@$idn_domain"; + email="info@$domain"; fi if [ ! -d "/home/$user" ]; then - echo "= Error: Folder /home/$user doesn't exist"; + echo "User doesn't exist"; exit 1; fi if [ ! -d "/home/$user/web/$domain/public_html" ]; then - echo "= Error: Folder /home/$user/web/$domain/public_html doesn't exist"; + echo "Domain doesn't exist"; exit 1; fi @@ -104,72 +95,51 @@ PASSWDDB=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1) # Action # #----------------------------------------------------------# -PROTOCOL='https' - -if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then - echo "== Trying to install LetsEncrypt for domain $domain" - /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" -fi - -if [ ! -z "$FORCE_HTTP" ]; then - # Switch to http:// only if --FORCE_HTTP parameter is set - echo "== Force http://" - PROTOCOL='http' -fi - -TPL_CHANGED=0; - -if [ "$WEB_SYSTEM" != 'nginx' ]; then - if [ "$PROTOCOL" = "https" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi - if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi +PROTOCOL='http' +if [ -z "$SKIP_LE" ]; then + if [ ! -f "/home/$user/conf/web/ssl.$domain.ca" ]; then + /usr/local/vesta/bin/v-add-letsencrypt-domain "$user" "$domain" "www.$domain" "yes" fi - if [ "$PROTOCOL" = "http" ]; then - if [ -f "/usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl" ] && [ $TPL_CHANGED -eq 0 ]; then - TPL_CHANGED=1; - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "hosting-firewall-wordpress" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" - fi +else + PROTOCOL='https' +fi + +if [ -f "/home/$user/conf/web/ssl.$domain.ca" ] || [ ! -z "$SKIP_LE" ]; then + PROTOCOL='https' + if [ -f "/usr/local/vesta/data/templates/web/nginx/force-https.stpl" ]; then + /usr/local/vesta/bin/v-change-web-domain-proxy-tpl "$user" "$domain" "force-https" "jpeg,jpg,png,gif,bmp,ico,svg,tif,tiff,css,js,ttf,otf,webp,txt,csv,rtf,doc,docx,xls,xlsx,ppt,pptx,odf,odp,ods,odt,pdf,psd,ai,eot,eps,ps,zip,tar,tgz,gz,rar,bz2,7z,aac,m4a,mp3,mp4,ogg,wav,wma,3gp,avi,flv,m4v,mkv,mov,mpeg,mpg,wmv,exe,iso,dmg,swf,woff,woff2" "yes" fi fi /usr/local/vesta/bin/v-add-database "$user" "$DBUSERSUF" "$DBUSERSUF" "$PASSWDDB" "mysql" +if [ ! -f "/usr/local/bin/wp" ]; then + echo "=== Downloading latest wp-cli" + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp +fi + WORKINGDIR="/home/$user/web/$domain/public_html" rm -rf $WORKINGDIR/* cd $WORKINGDIR -/usr/local/vesta/bin/v-run-wp-cli $domain core download -if [ ! -f "$WORKINGDIR/index.php" ]; then - echo "= WordPress installation failed: WordPress core download failed." - exit 1; -fi - -/usr/local/vesta/bin/v-run-wp-cli $domain core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB -if [ ! -f "$WORKINGDIR/wp-config.php" ]; then - echo "= WordPress installation failed: WordPress core config failed, wp-config.php not found." - exit 1; -fi +sudo -H -u$user wp core download +sudo -H -u$user wp core config --dbname=$DBUSER --dbuser=$DBUSER --dbpass=$PASSWDDB password=$(LC_CTYPE=C tr -dc A-Za-z0-9_\!\@\#\$\%\^\&\*\(\)-+= < /dev/urandom | head -c 12) wpadmin=$(echo "$domain" | sed 's#\.#_#g')_4dm1n -/usr/local/vesta/bin/v-run-wp-cli $domain core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR +sudo -H -u$user wp core install --url="$domain" --title="$domain" --admin_user="$wpadmin" --admin_password="$password" --admin_email="$email" --path=$WORKINGDIR mysql -u$DBUSER -p$PASSWDDB -e "USE $DBUSER; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'siteurl'; update wp_options set option_value = '$PROTOCOL://$domain' where option_name = 'home';" echo "=================================================================" -echo "Your WordPress installation is complete." +echo "Installation is complete. Your username/password is listed below." echo "" -echo "Website URL: $PROTOCOL://$domain/" +echo "Site: $PROTOCOL://$domain/" echo "" -echo "WordPress admin login: $PROTOCOL://$domain/wp-admin/" +echo "Login: $PROTOCOL://$domain/wp-admin/" echo "Username: $wpadmin" echo "Password: $password" echo "" diff --git a/bin/v-install-wp-cli b/bin/v-install-wp-cli deleted file mode 100644 index 17df71e8..00000000 --- a/bin/v-install-wp-cli +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -# info: Download WP CLI -# options: NONE - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -echo "= Installing WP CLI by downloading phar file..." -wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp -chmod +x /usr/local/bin/wp - -if [ -f "/usr/local/bin/wp" ]; then - echo "= WP CLI installed successfully." - echo "= Usage: v-run-wp-cli DOMAIN WP_CLI_COMMAND" - exit 0; -else - echo "= WP CLI installation failed." - echo "= Please install it manually." - exit 1; -fi diff --git a/bin/v-install-wp-cli-myvesta b/bin/v-install-wp-cli-myvesta deleted file mode 100644 index b65479f6..00000000 --- a/bin/v-install-wp-cli-myvesta +++ /dev/null @@ -1,79 +0,0 @@ -#!/bin/bash -# info: Download myVesta WP CLI -# options: NONE - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -if [ ! -f "/usr/local/bin/composer" ]; then - echo "= Composer is not installed. Installing..." - php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" - php composer-setup.php --install-dir=/usr/local/bin --filename=composer - php -r "unlink('composer-setup.php');" - echo "= Composer installed successfully." -fi - -if [ -d "/usr/local/bin/wp-cli" ]; then - echo "= Removing old myVesta WP CLI..." - rm -rf /usr/local/bin/wp-cli -fi - -echo "= Installing myVesta WP CLI..." - -cd /usr/local/bin -git clone https://github.com/wp-cli/wp-cli.git - -chown -R www-data:www-data wp-cli - -ver_ge() { - # usage: ver_ge 7.2 5.6 --> returns true if $1 is greater than or equal to $2 - [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ] -} - -current_php_version=$(readlink -f /usr/bin/php | grep -oP 'php\K[0-9]+\.[0-9]+') - -php_versions=$(/usr/local/vesta/bin/v-list-php) -for php_version in $php_versions; do - if ver_ge "$php_version" "7.2"; then - oldest_allowed_php_version=$php_version - break - fi -done - -echo "= Setting PHP version to $oldest_allowed_php_version" -update-alternatives --set php /usr/bin/php$oldest_allowed_php_version - -cd wp-cli/ -sudo -H -u www-data composer install - -echo "= Installing search-replace-command package..." -sudo -H -u www-data WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages php /usr/local/bin/wp-cli/php/boot-fs.php package install wp-cli/search-replace-command - -echo "= Setting PHP version to $current_php_version" -update-alternatives --set php /usr/bin/php$current_php_version - -# Fix terminal columns issue for WP CLI -echo "= Fixing terminal columns issue for WP CLI..." -/usr/local/vesta/bin/v-sed '$columns = 80;' "if (file_exists('/usr/local/bin/wp-cli/COLUMNS')) \$columns=intval(file_get_contents('/usr/local/bin/wp-cli/COLUMNS')); else \$columns = 80;" '/usr/local/bin/wp-cli/vendor/wp-cli/php-cli-tools/lib/cli/Shell.php' - -echo "" - -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= myVesta WP CLI installed successfully." - echo "= Usage: v-run-wp-cli-myvesta DOMAIN WP_CLI_COMMAND" - exit 0; -else - echo "= myVesta WP CLI installation failed." - echo "= Please install it manually." - exit 1; -fi diff --git a/bin/v-list-php b/bin/v-list-php deleted file mode 100644 index 846e40de..00000000 --- a/bin/v-list-php +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash -# info: list of installed php versions -# options: [FORMAT] -# -# The function for obtaining the list of installed PHP versions. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -format=${1-shell} - -# Includes -source $VESTA/func/main.sh - -# JSON list function -json_list() { - counter=$(echo "$phpversions" | wc -l) - i=1 - echo '[' - for phpversion in $phpversions; do - if [ "$i" -lt "$counter" ]; then - echo -e "\t\"$phpversion\"," - else - echo -e "\t\"$phpversion\"" - fi - (( ++i)) - done - echo "]" -} - -# shell list function -shell_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - -# PLAIN list function -plain_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - -# CSV list function -csv_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Obtaining the list of installed PHP-FPM versions -phpversions=$(find /etc/php/ -type d -name 'fpm' | sed "s|/etc/php/||" | sed "s|/fpm||" | sort) - -# Listing data -case $format in - json) json_list ;; - plain) plain_list ;; - csv) csv_list ;; - shell) shell_list ;; -esac - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit diff --git a/bin/v-list-php-apache b/bin/v-list-php-apache deleted file mode 100644 index e2e431b1..00000000 --- a/bin/v-list-php-apache +++ /dev/null @@ -1,91 +0,0 @@ -#!/bin/bash -# info: list of installed php versions that have Apache template. -# options: [FORMAT] -# -# The function obtains the list of installed PHP versions that have Apache template. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Argument definition -format=${1-shell} - -# Includes -source $VESTA/func/main.sh - -# JSON list function -json_list() { - counter=$(echo "$phpversions" | wc -l) - i=1 - echo '[' - for phpversion in $phpversions; do - if [ "$i" -lt "$counter" ]; then - echo -e "\t\"$phpversion\"," - else - echo -e "\t\"$phpversion\"" - fi - (( ++i)) - done - echo "]" -} - -# shell list function -shell_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - -# PLAIN list function -plain_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - -# CSV list function -csv_list() { - for phpversion in $phpversions; do - echo "$phpversion" - done -} - -echo_phpversions_list() { - for element in "${phpversions_list[@]}"; do - echo "$element" - done -} - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -# Obtaining the list of installed PHP-FPM versions -fpmphpversions=$(/usr/local/vesta/bin/v-list-php) - -for phpversion in $fpmphpversions; do - phpversiontpl=${phpversion//./} - tpl="/usr/local/vesta/data/templates/web/apache2/PHP-FPM-$phpversiontpl.tpl" - if [ -f "$tpl" ]; then - phpversions_list+=("$phpversion") - fi -done - -phpversions=$(echo_phpversions_list) - -# Listing data -case $format in - json) json_list ;; - plain) plain_list ;; - csv) csv_list ;; - shell) shell_list ;; -esac - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit diff --git a/bin/v-list-sys-config b/bin/v-list-sys-config index a0fdbbbc..127f2176 100755 --- a/bin/v-list-sys-config +++ b/bin/v-list-sys-config @@ -54,8 +54,7 @@ json_list() { "SOFTACULOUS": "'$SOFTACULOUS'", "MAX_DBUSER_LEN": "'$MAX_DBUSER_LEN'", "MAIL_CERTIFICATE": "'$MAIL_CERTIFICATE'", - "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'", - "DISABLE_IP_CHECK": "'$DISABLE_IP_CHECK'" + "VESTA_CERTIFICATE": "'$VESTA_CERTIFICATE'" } }' } diff --git a/bin/v-make-main-apache-log b/bin/v-make-main-apache-log deleted file mode 100644 index 6a6dfadd..00000000 --- a/bin/v-make-main-apache-log +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -touch /var/log/apache2/time.log -# truncate -s 0 /var/log/apache2/time.log -chmod 0640 /var/log/apache2/time.log -chown root:adm /var/log/apache2/time.log -find /home/*/conf/web/ -type f \( -name "apache2.conf" -or -name "sapache2.conf" -or -name "*.apache2.conf" -or -name "*.apache2.ssl.conf" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' -find /usr/local/vesta/data/templates/web/apache2 -type f \( -name "*.tpl" -or -name "*.stpl" \) -exec grep -L "time\.log" {} \; | xargs sed -i 's|ServerName |CustomLog /var/log/apache2/time.log time\n ServerName |g' -if ! /usr/local/vesta/bin/v-grep 'LogFormat "%t %v %a %D %r %>s \"%{User-Agent}i\"" time' '/etc/apache2/apache2.conf' '-q'; then - sed -i 's|LogFormat "%b" bytes|LogFormat "%b" bytes\nLogFormat "%t %v %a %D %r %>s \\\"%{User-Agent}i\\\" pid=%P" time|g' /etc/apache2/apache2.conf -fi -systemctl restart apache2 - -wget -nv http://dl.myvestacp.com/vesta/apache_requests_analyzer/analyze-traffic.php -O /root/analyze-traffic.php diff --git a/bin/v-make-separated-ip-for-email b/bin/v-make-separated-ip-for-email index 15e42c05..49d31f45 100644 --- a/bin/v-make-separated-ip-for-email +++ b/bin/v-make-separated-ip-for-email @@ -1,4 +1,4 @@ - #!/bin/bash +#!/bin/bash # info: add new ip and makes email to be sent via that IP only for SMTP authenticated users # options: MAIL_HOSTNAME MAIL_IP @@ -45,7 +45,7 @@ is_domain_format_valid "$MAIL_HOSTNAME" is_ip_format_valid "$MAIL_IP" HOST_USER=$($VESTA/bin/v-search-domain-owner "$HOSTNAME") -if [ -z "$HOST_USER" ]; then +if [ -z "$HOST_USER" ]; then echo "Error: hostname $HOSTNAME is not created as web domain" exit 4 fi @@ -139,17 +139,6 @@ if [ "$check_grep" -eq 0 ]; then echo "=== patching exim4.conf.template" mv /etc/exim4/exim4.conf.template /etc/exim4/exim4.conf.template-backup cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template /etc/exim4/exim4.conf.template - - eximversion=$(exim4 --version | grep '^Exim version ' | awk '{print $3}') - if (( $(echo "$eximversion < 4.96" | bc -l) )); then - cp /usr/local/vesta/install/debian/12/exim/exim4.conf.template.without-srs /etc/exim4/exim4.conf.template - sed -i "s|message_linelength_limit|#message_linelength_limit|g" /etc/exim4/exim4.conf.template - fi - - if (( $(echo "$eximversion < 4.94" | bc -l) )); then - sed -i "s|smtputf8_advertise_hosts|#smtputf8_advertise_hosts|g" /etc/exim4/exim4.conf.template - fi - sed -i "s|FIRSTIP|$HOST_IP|g" /etc/exim4/exim4.conf.template sed -i "s|SECONDIP|$MAIL_IP|g" /etc/exim4/exim4.conf.template sed -i "s|FIRSTHOST|$HOSTNAME|g" /etc/exim4/exim4.conf.template @@ -179,10 +168,9 @@ if [ "$check_grep" -eq 0 ]; then fi systemctl restart exim4 if [ $? -ne 0 ]; then - systemctl status exim4 cp /etc/exim4/exim4.conf.template-backup /etc/exim4/exim4.conf.template systemctl restart exim4 - echo "=== Patching failed, old exim conf returned, exim4 restarted again." + echo "=== Patching failed, aborting" exit 1 fi echo "=== Patching successful" diff --git a/bin/v-migrate-site-to-https b/bin/v-migrate-site-to-https index c15a521e..6c6c8653 100644 --- a/bin/v-migrate-site-to-https +++ b/bin/v-migrate-site-to-https @@ -40,7 +40,6 @@ is_format_valid 'domain' 'user' is_object_valid 'user' 'USER' "$user" is_object_unsuspended 'user' 'USER' "$user" - FROM_DATABASE_NAME='' FROM_DATABASE_USERNAME='' FROM_DATABASE_PASSWORD='' @@ -95,8 +94,6 @@ if [ "$DB_EXISTS" = "no" ]; then exit 6 fi -phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$FROM_DOMAIN") - # ----------- CHECK ------------- FROM_REPLACE1="http://$FROM_DOMAIN" @@ -105,13 +102,19 @@ FROM_REPLACE2="http://www.$FROM_DOMAIN" TO_REPLACE2="https://www.$FROM_DOMAIN" if [ $IT_IS_WP -eq 0 ]; then - if [ ! -f "/root/Search-Replace-DB/srdb.cli.php" ]; then - if [ ! -f "/usr/bin/git" ]; then - apt-get update > /dev/null 2>&1 - apt-get -y install git > /dev/null 2>&1 - fi - cd /root - git clone https://github.com/interconnectit/Search-Replace-DB.git + if [ ! -f "/root/Search-Replace-DB-master/srdb.cli.php" ]; then + echo "Please download https://interconnectit.com/products/search-and-replace-for-wordpress-databases/ and extract to /root/Search-Replace-DB-master/" + exit 7 + fi + if [ ! -f "/usr/bin/php7.0" ]; then + echo "Please download https://c.myvestacp.com/tools/multi-php-install.sh and install php 7.0" + exit 8 + fi +else + if [ ! -f "/usr/local/bin/wp" ]; then + echo "=== Downloading latest wp-cli" + wget -nv https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar -O /usr/local/bin/wp + chmod +x /usr/local/bin/wp fi fi @@ -161,15 +164,15 @@ grep -rl "$FROM_DOMAIN" $SITE_FOLDER | xargs sed -i "s#$FROM_REPLACE2#$TO_REPLAC if [ $IT_IS_WP -eq 0 ]; then echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" + php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE1" -r "$TO_REPLACE1" echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - php /root/Search-Replace-DB/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" + php7.0 /root/Search-Replace-DB-master/srdb.cli.php -h localhost -n "$FROM_DATABASE_NAME" -u "$FROM_DATABASE_USERNAME" -p "$FROM_DATABASE_PASSWORD" -s "$FROM_REPLACE2" -r "$TO_REPLACE2" else cd $SITE_FOLDER echo "=== Replacing $FROM_REPLACE1 to $TO_REPLACE1 in database $FROM_DATABASE_NAME" - /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; + sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE1" "$TO_REPLACE1" --precise --all-tables --skip-columns=guid echo "=== Replacing $FROM_REPLACE2 to $TO_REPLACE2 in database $FROM_DATABASE_NAME" - /usr/local/vesta/bin/v-run-wp-cli $FROM_DOMAIN search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid --skip-plugins --skip-themes; + sudo -H -u$FROM_USER wp search-replace "$FROM_REPLACE2" "$TO_REPLACE2" --precise --all-tables --skip-columns=guid fi echo "===== DONE ====" diff --git a/bin/v-move-domain-and-database-to-account b/bin/v-move-domain-and-database-to-account index 383fd26e..7524d229 100644 --- a/bin/v-move-domain-and-database-to-account +++ b/bin/v-move-domain-and-database-to-account @@ -88,56 +88,6 @@ if [ $? -ne 0 ]; then RET=$E_NOTEXIST fi -#----------------------------------------------------------# -# Update Wordfence WAF Path # -#----------------------------------------------------------# - -filepath="/home/USER_TO/web/$domain/public_html/.user.ini" -filename=$(basename $filepath) - -# Check if file exists -if [ -f "$filepath" ]; then - echo "Updating $filename with new user path..." - - # Temporary file for modification - tmp_file=$(mktemp) - - # Change path from old USER to new USER_TO - sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" - - # Check if replacement was successful and update file - if [ $? -eq 0 ]; then - mv "$tmp_file" "$filepath" - echo "$filename updated successfully." - else - echo "Failed to update $filename file." - rm "$tmp_file" # Deletes temporary file - fi -fi - -filepath="/home/USER_TO/web/$domain/public_html/wordfence-waf.php" -filename=$(basename $filepath) - -# Check if file exists -if [ -f "$filepath" ]; then - echo "Updating $filename with new user path..." - - # Temporary file for modification - tmp_file=$(mktemp) - - # Change path from old USER to new USER_TO - sed "s|/home/$owner/public_html|/home/$USER_TO/public_html|g" "$filepath" > "$tmp_file" - - # Check if replacement was successful and update file - if [ $? -eq 0 ]; then - mv "$tmp_file" "$filepath" - echo "$filename updated successfully." - else - echo "Failed to update $filename file." - rm "$tmp_file" # Deletes temporary file - fi -fi - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-move-folder-and-make-symlink b/bin/v-move-folder-and-make-symlink index ccd66b7c..81561a97 100644 --- a/bin/v-move-folder-and-make-symlink +++ b/bin/v-move-folder-and-make-symlink @@ -19,8 +19,6 @@ fi FROMFOLDER=$1 TOFOLDER=$2 -echo "Executing: v-move-folder-and-make-symlink $1 $2" - # Includes source $VESTA/func/main.sh @@ -28,16 +26,6 @@ source $VESTA/func/main.sh # Verifications # #----------------------------------------------------------# -if [ -z "$FROMFOLDER" ]; then - echo "First parameter is empty, aborting" - exit 1 -fi - -if [ -z "$TOFOLDER" ]; then - echo "Second parameter is empty, aborting" - exit 1 -fi - # Trimming the ending slash, just in case FROMFOLDER=$(echo "$FROMFOLDER" | sed 's:/*$::') TOFOLDER=$(echo "$TOFOLDER" | sed 's:/*$::') @@ -78,21 +66,19 @@ fi # Action # #----------------------------------------------------------# +rsync -a "$FROMFOLDER/" "$TOFOLDER/" +# with slashes on the end of the path of both folders +if [ "$?" -ne 0 ]; then + echo "Error happened, aborting" + exit 1 +fi + if [ "$FROMFOLDER" = "/home/$USER" ] && [ -d "$FROMFOLDER/conf" ]; then # if we are moving myVesta home folder, we must remove immutable attribute from conf/ files chattr -R -i "$FROMFOLDER/conf/" > /dev/null 2>&1 # with slashes on the end of the path of the folder fi -# rsync -a "$FROMFOLDER/" "$TOFOLDER/" -# with slashes on the end of the path of both folders - -mv "$FROMFOLDER" "$TOFOLDER" -if [ "$?" -ne 0 ]; then - echo "Error happened, aborting" - exit 1 -fi - rm -rf "$FROMFOLDER" # without slash on the end of the path of the folder diff --git a/bin/v-php-func b/bin/v-php-func index 925cc91e..0c789863 100644 --- a/bin/v-php-func +++ b/bin/v-php-func @@ -9,7 +9,7 @@ #----------------------------------------------------------# -if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then +if [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php "$@" diff --git a/bin/v-restore-user b/bin/v-restore-user index a2dab574..af451d88 100755 --- a/bin/v-restore-user +++ b/bin/v-restore-user @@ -417,7 +417,6 @@ if [ "$web" != 'no' ] && [ ! -z "$WEB_SYSTEM" ]; then # Restoring web domain data chown $user $tmpdir chmod u+w $HOMEDIR/$user/web/$domain - chmod 0755 $tmpdir/web/$domain sudo -u $user tar -xzpf $tmpdir/web/$domain/domain_data.tar.gz \ -C $HOMEDIR/$user/web/$domain/ --exclude=./logs/* \ 2> $HOMEDIR/$user/web/$domain/restore_errors.log @@ -619,7 +618,6 @@ if [ "$mail" != 'no' ] && [ ! -z "$MAIL_SYSTEM" ]; then if [ -e "$tmpdir/mail/$domain/accounts.tar.gz" ]; then chown $user $tmpdir chmod u+w $HOMEDIR/$user/mail/$domain_idn - chmod 0755 $tmpdir/mail/$domain sudo -u $user tar -xzpf $tmpdir/mail/$domain/accounts.tar.gz \ -C $HOMEDIR/$user/mail/$domain_idn/ if [ "$?" -ne 0 ]; then diff --git a/bin/v-run-wp-cli b/bin/v-run-wp-cli deleted file mode 100644 index b1e4e6aa..00000000 --- a/bin/v-run-wp-cli +++ /dev/null @@ -1,146 +0,0 @@ -#!/bin/bash -# info: Run WP CLI command for a specific domain -# options: DOMAIN WP_CLI_COMMAND - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -SILENT_MODE=1 - -# Argument definition -domain=$1 -wp_command=${@:2} - -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -USER=$user - -# Includes -source /usr/local/vesta/func/main.sh -source /usr/local/vesta/func/domain.sh - -if [ -z "$user" ]; then - check_result $E_NOTEXIST "domain $domain doesn't exist" -fi - -#----------------------------------------------------------# -# Verifications # -#----------------------------------------------------------# - -VERBOSE_MODE=1 - -check_args '2' "$#" 'DOMAIN WP_CLI_COMMAND' -is_format_valid 'domain' -is_object_valid 'user' 'USER' "$user" -is_object_unsuspended 'user' 'USER' "$user" -is_object_unsuspended 'web' 'DOMAIN' "$domain" - -if [ ! -d "/home/$user" ]; then - echo "= User doesn't exist"; - exit 1; -fi - -if [[ "$wp_command" != core\ download* ]] && [[ "$wp_command" != core\ config* ]] && [ ! -f "/home/$user/web/$domain/public_html/wp-config.php" ]; then - echo '= Please install WordPress first.' - exit 1; -fi - -wpcli="" - -if [ ! -f "/usr/local/bin/wp" ]; then - echo "= WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli -fi - -if [ -z "$USE_WP_CLI_MYVESTA" ]; then - if [ -f "/usr/local/bin/wp" ]; then - # Get current time and file ctime in seconds since epoch - current_time=$(date +%s) - file_ctime=$(stat -c %Z /usr/local/bin/wp) - # Calculate age in days - age_days=$(( (current_time - file_ctime) / 86400 )) - if [ "$age_days" -gt 30 ]; then - echo "= The /usr/local/bin/wp file is older than 30 days (based on CTime)." - echo "= Updating WP CLI..." - /usr/local/vesta/bin/v-install-wp-cli - fi - fi -fi - -if [ -t 1 ]; then - output='terminal' -else - output='file' -fi - -if [ -f "/usr/local/bin/wp" ]; then - wpcli="/usr/local/bin/wp" - WP_CLI_PACKAGES_DIR="" -fi - -if [ ! -z "$USE_WP_CLI_MYVESTA" ] && [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ] && [ -d "/usr/local/bin/wp-cli/packages/vendor/wp-cli/search-replace-command" ] && [ "$output" == "terminal" ]; then - wpcli="/usr/local/bin/wp-cli/php/boot-fs.php" - COLUMNS=$(/usr/bin/env stty size 2>/dev/null | awk '{print $2}') - echo $COLUMNS > /usr/local/bin/wp-cli/COLUMNS - WP_CLI_PACKAGES_DIR="WP_CLI_PACKAGES_DIR=/usr/local/bin/wp-cli/packages" -fi - -if [ -z "$wpcli" ]; then - echo "= WP CLI is not installed. Please install it manually." - exit 1; -fi - -mkdir -p /home/$user/.wp-cli -chown $user:$user /home/$user/.wp-cli - -if [ -z "$PHP" ]; then - phpver=$(/usr/local/vesta/bin/v-get-php-version-of-domain "$domain") -else - phpver=$PHP -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -cd /home/$USER/web/$domain/public_html - -if [ -z "$OPEN_BASEDIR" ]; then - OPEN_BASEDIR="/home/$user/web/$domain:/home/$user/.wp-cli:/home/$user/tmp:/usr/local/bin:/tmp" -fi - -if [ -z "$DISABLE_FUNCTIONS" ]; then - DISABLE_FUNCTIONS="pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen" -fi - -if [ -z "$SHOW_ERRORS" ]; then - sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command 2>/home/$user/web/$domain/wp-cli-error.log -else - sudo -u $USER $WP_CLI_PACKAGES_DIR /usr/bin/php$phpver -d disable_functions=$DISABLE_FUNCTIONS -d open_basedir=$OPEN_BASEDIR $wpcli --path=/home/$user/web/$domain/public_html/ $wp_command -fi - -return_code=$? - -if [ -f "/usr/local/bin/wp-cli/COLUMNS" ]; then - rm /usr/local/bin/wp-cli/COLUMNS -fi - -if [ -z "$SHOW_ERRORS" ]; then - if grep -q "PHP Fatal error" /home/$user/web/$domain/wp-cli-error.log || [ $return_code -ne 0 ]; then - cat /home/$user/web/$domain/wp-cli-error.log - fi -fi -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -exit $return_code; diff --git a/bin/v-run-wp-cli-myvesta b/bin/v-run-wp-cli-myvesta deleted file mode 100644 index 5947edfa..00000000 --- a/bin/v-run-wp-cli-myvesta +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -if [ ! -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - echo "= myVesta WP CLI is not installed. Installing..." - /usr/local/vesta/bin/v-install-wp-cli-myvesta -fi - -if [ -f "/usr/local/bin/wp-cli/php/boot-fs.php" ]; then - # Get current time and file ctime in seconds since epoch - current_time=$(date +%s) - file_ctime=$(stat -c %Z /usr/local/bin/wp-cli/php/boot-fs.php) - # Calculate age in days - age_days=$(( (current_time - file_ctime) / 86400 )) - if [ "$age_days" -gt 30 ]; then - echo "= The /usr/local/bin/wp-cli/php/boot-fs.php file is older than 30 days (based on CTime)." - echo "= Updating myVesta WP CLI..." - /usr/local/vesta/bin/v-install-wp-cli-myvesta - fi -fi - -USE_WP_CLI_MYVESTA=1 /usr/local/vesta/bin/v-run-wp-cli "$@" diff --git a/bin/v-sed b/bin/v-sed index 16e8ad2b..9d1a82ee 100644 --- a/bin/v-sed +++ b/bin/v-sed @@ -9,19 +9,13 @@ #----------------------------------------------------------# -if [ "$1" == "--stdin" ] && [ -p /dev/stdin ]; then +if [ -p /dev/stdin ]; then STDIN=$(cat -) if [ ! -z "$STDIN" ]; then - shift; - echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" + echo "$STDIN" | php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" exit $? fi fi -if [ "$1" == "--stdin" ]; then - shift; - php /usr/local/vesta/func/bash-to-php-interpreter.php '--stdin' 'myvesta_sed' "$@" -else - php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" -fi +php /usr/local/vesta/func/bash-to-php-interpreter.php 'myvesta_sed' "$@" exit $? diff --git a/bin/v-suspend-firewall-rule b/bin/v-suspend-firewall-rule index 9191fed0..67f14cec 100755 --- a/bin/v-suspend-firewall-rule +++ b/bin/v-suspend-firewall-rule @@ -32,21 +32,12 @@ is_object_unsuspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# -oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) - # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' yes # Updating system firewall $BIN/v-update-firewall -if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then - parse_object_kv_list_non_eval "$oldvalues" - if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - sed -i "\#$IP#d" /etc/nginx/conf.d/block-firewall.conf - systemctl restart nginx - fi -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-unlock-wordpress b/bin/v-unlock-wordpress index 4a2c42c3..1e2cccc6 100644 --- a/bin/v-unlock-wordpress +++ b/bin/v-unlock-wordpress @@ -58,8 +58,6 @@ chown -R $user:$user public_html/ rm public_html/wp-content/uploads/.htaccess -/usr/local/vesta/bin/v-fix-website-permissions $domain - #----------------------------------------------------------# # Vesta # #----------------------------------------------------------# diff --git a/bin/v-unsuspend-firewall-rule b/bin/v-unsuspend-firewall-rule index f0e00c96..be6320d4 100755 --- a/bin/v-unsuspend-firewall-rule +++ b/bin/v-unsuspend-firewall-rule @@ -32,25 +32,12 @@ is_object_suspended '../../data/firewall/rules' 'RULE' "$rule" # Action # #----------------------------------------------------------# -oldvalues=$(grep "RULE='$rule'" $VESTA/data/firewall/rules.conf) - # Suspending rule update_object_value ../../data/firewall/rules RULE $rule '$SUSPENDED' no # Updating system firewall $BIN/v-update-firewall -if [ "$WEB_SYSTEM" == 'nginx' ] || [ "$PROXY_SYSTEM" == 'nginx' ]; then - parse_object_kv_list_non_eval "$oldvalues" - if [ "$PORT" == "80,443" ] && [ "$ACTION" == "DROP" ]; then - touch /etc/nginx/conf.d/block-firewall.conf - if ! grep -q "deny $IP;" /etc/nginx/conf.d/block-firewall.conf; then - echo "deny $IP;" >> /etc/nginx/conf.d/block-firewall.conf - systemctl restart nginx - fi - fi -fi - #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-document-errors-files b/bin/v-update-document-errors-files deleted file mode 100644 index c044a80a..00000000 --- a/bin/v-update-document-errors-files +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -# info: fix website permissions for all websites -# options: -# -# The command is used for fixing website permissions for all websites on the server. - - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -# Importing system variables -source /etc/profile - -# Includes -source $VESTA/func/main.sh - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -for user in $(grep '@' /etc/passwd |cut -f1 -d:); do - if [ ! -f "/usr/local/vesta/data/users/$user/user.conf" ]; then - continue; - fi - - for domain in $(/usr/local/vesta/bin/v-list-web-domains $user plain |cut -f 1); do - cp /usr/local/vesta/data/templates/web/skel/document_errors/403.html /home/$user/web/$domain/document_errors/403.html - cp /usr/local/vesta/data/templates/web/skel/document_errors/404.html /home/$user/web/$domain/document_errors/404.html - cp /usr/local/vesta/data/templates/web/skel/document_errors/50x.html /home/$user/web/$domain/document_errors/50x.html - sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/403.html - sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/404.html - sed -i "s/%domain%/$domain/g" /home/$user/web/$domain/document_errors/50x.html - chown $user:$user /home/$user/web/$domain/document_errors/* - chmod 644 /home/$user/web/$domain/document_errors/* - done - -done - - -#----------------------------------------------------------# -# Vesta # -#----------------------------------------------------------# - -# Logging -log_event "$OK" "$ARGUMENTS" - -exit diff --git a/bin/v-update-firewall b/bin/v-update-firewall index 6d359f07..d3a46686 100755 --- a/bin/v-update-firewall +++ b/bin/v-update-firewall @@ -67,7 +67,7 @@ echo "$iptables -P INPUT ACCEPT" >> $tmp echo "$iptables -F INPUT" >> $tmp # Enabling stateful support -if [ "$FIREWALL_STATEFUL" == "yes" ] || [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then +if [ "$conntrack" != 'no' ] || grep --quiet container=lxc /proc/1/environ; then str="$iptables -A INPUT -m state" str="$str --state ESTABLISHED,RELATED -j ACCEPT" echo "$str" >> $tmp @@ -164,12 +164,12 @@ if [ ! -z "$FIREWALL_EXTENSION" ]; then fi # Saving rules to the master iptables file -# if [ -d "/etc/sysconfig" ]; then -# /sbin/iptables-save > /etc/sysconfig/iptables -# if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then -# /sbin/chkconfig iptables on -# fi -# else +if [ -d "/etc/sysconfig" ]; then + /sbin/iptables-save > /etc/sysconfig/iptables + if [ -z "$(ls /etc/rc3.d/S*iptables 2>/dev/null)" ]; then + /sbin/chkconfig iptables on + fi +else /sbin/iptables-save > /etc/iptables.rules preup="/etc/network/if-pre-up.d/iptables" if [ ! -e "$preup" ]; then @@ -178,7 +178,7 @@ fi echo "exit 0" >> $preup chmod +x $preup fi -# fi +fi # Worarkound for OpenVZ if [ -e "/proc/vz/veinfo" ]; then diff --git a/bin/v-update-mail-domain-disk b/bin/v-update-mail-domain-disk index be5502e7..451dbd37 100755 --- a/bin/v-update-mail-domain-disk +++ b/bin/v-update-mail-domain-disk @@ -49,8 +49,7 @@ dom_diks=0 for account in $(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT'); do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - cd $home_dir - udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) + udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-mail-domains-disk b/bin/v-update-mail-domains-disk index 807218e3..ca93627f 100755 --- a/bin/v-update-mail-domains-disk +++ b/bin/v-update-mail-domains-disk @@ -35,14 +35,13 @@ fi #----------------------------------------------------------# # Starting loop -for domain in $(list_objects 'mail' 'DOMAIN'); do +for domain in $(search_objects 'mail' 'SUSPENDED' "no" 'DOMAIN'); do dom_diks=0 - accounts=$(list_objects "mail/$domain" 'ACCOUNT') + accounts=$(search_objects "mail/$domain" 'SUSPENDED' "no" 'ACCOUNT') for account in $accounts; do home_dir=$HOMEDIR/$user/mail/$domain/$account if [ -e "$home_dir" ]; then - cd $home_dir - udisk=$(nice -n 19 du -shm ./ | cut -f 1 ) + udisk=$(nice -n 19 du -shm $home_dir | cut -f 1 ) else udisk=0 fi diff --git a/bin/v-update-sys-rrd-net b/bin/v-update-sys-rrd-net index d59eefd9..e9c642e4 100755 --- a/bin/v-update-sys-rrd-net +++ b/bin/v-update-sys-rrd-net @@ -35,15 +35,13 @@ if [ ! -d "$RRD/net" ]; then mkdir $RRD/net fi -find $RRD/net -name "veth*" -delete - # Parsing network interfaces ndev=$(cat /proc/net/dev) ifaces=$(echo "$ndev" |grep : |cut -f 1 -d : | sed "s/ //g") # Parsing excludes if [ -z "$RRD_IFACE_EXCLUDE" ]; then - RRD_IFACE_EXCLUDE='lo,' + RRD_IFACE_EXCLUDE='lo' fi for exclude in $(echo ${RRD_IFACE_EXCLUDE//,/ }); do ifaces=$(echo "$ifaces" |grep -vw "$exclude" ) @@ -64,8 +62,6 @@ for iface in $ifaces; do RRA:MAX:0.5:6:700 \ RRA:MAX:0.5:24:775 \ RRA:MAX:0.5:288:797 - else - touch $RRD/net/$iface.rrd fi # Parsing device stats @@ -116,8 +112,6 @@ for iface in $ifaces; do done -find $RRD/net -name "*.png" -mtime +1 -delete -find $RRD/net -name "*.rrd" -mtime +1 -delete #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domain-disk b/bin/v-update-web-domain-disk index 1bee4685..ac851b92 100755 --- a/bin/v-update-web-domain-disk +++ b/bin/v-update-web-domain-disk @@ -50,14 +50,6 @@ if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi -# Defining hdd home directory -home_dir="/hdd$HOMEDIR/$user/web/$domain/" - -# Checking home directory exist -if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then - disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) - disk_usage=$(( disk_usage + disk_usage2 )) -fi #----------------------------------------------------------# # Vesta # diff --git a/bin/v-update-web-domains-disk b/bin/v-update-web-domains-disk index 5ee58abf..5951f289 100755 --- a/bin/v-update-web-domains-disk +++ b/bin/v-update-web-domains-disk @@ -32,16 +32,11 @@ is_object_valid 'user' 'USER' "$user" #----------------------------------------------------------# # Domain loop -for domain in $(list_objects 'web' 'DOMAIN'); do +for domain in $(search_objects 'web' 'SUSPENDED' "no" 'DOMAIN'); do home_dir="$HOMEDIR/$user/web/$domain/" if [ -e "$home_dir" ]; then disk_usage=$(nice -n 19 du -shm $home_dir | cut -f 1 ) fi - home_dir="/hdd$HOMEDIR/$user/web/$domain/" - if [ -e "$home_dir" ] && [[ ! -L "$home_dir" ]]; then - disk_usage2=$(nice -n 19 du -shm $home_dir | cut -f 1 ) - disk_usage=$(( disk_usage + disk_usage2 )) - fi update_object_value 'web' 'DOMAIN' "$domain" '$U_DISK' "$disk_usage" done diff --git a/bin/v-whitelist-email-account b/bin/v-whitelist-email-account deleted file mode 100644 index 4a6e6329..00000000 --- a/bin/v-whitelist-email-account +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/bash -# info: Add a specific email address to SpamAssassin whitelist -# usage: v-whitelist-email-account EMAIL - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Determine Debian version and set SpamAssassin service name -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 12 ]; then - SPAMD_SERVICE="spamassassin.service" -else - SPAMD_SERVICE="spamd.service" -fi - -SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" - -# Flags to track changes -SPAMASSASSIN_CHANGED=false - -# Function to check if an entry already exists in a file -check_entry_exists() { - local entry=$1 - local file=$2 - grep -qF "$entry" "$file" -} - -# Function to check if a domain/email is already blacklisted -check_blacklisted() { - local pattern=$1 - local file=$2 - grep -qE "blacklist_from.*${pattern}" "$file" -} - -# Function to add an entry to a file -add_entry_to_file() { - local entry=$1 - local file=$2 - echo "$entry" >> "$file" -} - -# Display usage if no arguments are provided -if [ $# -lt 1 ]; then - echo "Usage: v-whitelist-email-account EMAIL" - exit 1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -EMAIL=$1 - -# Validate email format -if [[ ! "$EMAIL" =~ ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ ]]; then - echo "Invalid email address format." - exit 1 -fi - -# Extract the domain from the email address -DOMAIN=$(echo "$EMAIL" | awk -F '@' '{print $2}') - -# Prepare entries for SpamAssassin -WHITELIST_ENTRY="whitelist_from $EMAIL" -BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" -BLACKLIST_ENTRY_SUB="*.$DOMAIN" - -#----------------------------------------------------------# -# SpamAssassin Whitelist # -#----------------------------------------------------------# - -echo "Updating $SPAMASSASSIN_FILE..." - -# Check if the email address or its domain is already blacklisted -if check_blacklisted "$EMAIL" "$SPAMASSASSIN_FILE"; then - echo "Cannot whitelist $EMAIL. It is already blacklisted." - exit 1 -fi - -if check_blacklisted "$BLACKLIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then - echo "Cannot whitelist $EMAIL. The domain $DOMAIN is already blacklisted." - exit 1 -fi - -if check_blacklisted "$BLACKLIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then - echo "Cannot whitelist $EMAIL. The subdomain of $DOMAIN is already blacklisted." - exit 1 -fi - -# Add the email to whitelist if not already present -if ! check_entry_exists "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE"; then - add_entry_to_file "$WHITELIST_ENTRY" "$SPAMASSASSIN_FILE" - echo "Added $WHITELIST_ENTRY to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true -else - echo "$WHITELIST_ENTRY already exists in $SPAMASSASSIN_FILE." -fi - -# Restart SpamAssassin only if changes were made -if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then - systemctl restart "$SPAMD_SERVICE" - echo "SpamAssassin service ($SPAMD_SERVICE) restarted." -fi - -#----------------------------------------------------------# -# Done # -#----------------------------------------------------------# - -exit 0 diff --git a/bin/v-whitelist-email-domain b/bin/v-whitelist-email-domain deleted file mode 100644 index 9d877ad4..00000000 --- a/bin/v-whitelist-email-domain +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/bash -# info: Add a domain to SpamAssassin whitelist -# usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO) - -#----------------------------------------------------------# -# Variable&Function # -#----------------------------------------------------------# - -whoami=$(whoami) -if [ "$whoami" != "root" ]; then - echo "You must be root to execute this script" - exit 1 -fi - -# Importing system environment -source /etc/profile - -# Determine Debian version and set SpamAssassin service name -release=$(cat /etc/debian_version | tr "." "\n" | head -n1) -if [ "$release" -lt 12 ]; then - SPAMD_SERVICE="spamassassin.service" -else - SPAMD_SERVICE="spamd.service" -fi - -SPAMASSASSIN_FILE="/etc/spamassassin/local.cf" - -# Flags to track changes -SPAMASSASSIN_CHANGED=false - -# Function to check if a SpamAssassin whitelist entry already exists -check_whitelist_exists() { - local entry=$1 - local file=$2 - grep -qF "whitelist_from $entry" "$file" -} - -# Function to check if a domain/email is already blacklisted -check_blacklist_exists() { - local domain=$1 - local file=$2 - grep -qE "blacklist_from.*${domain}$" "$file" -} - -# Function to add whitelist entry to file -add_whitelist_to_file() { - local entry=$1 - local file=$2 - echo "whitelist_from $entry" >> "$file" -} - -# Display usage if no arguments are provided -if [ $# -lt 2 ]; then - echo "Usage: v-whitelist-email-domain DOMAIN SUBDOMAIN(YES/NO)" - exit 1 -fi - -#----------------------------------------------------------# -# Action # -#----------------------------------------------------------# - -DOMAIN=$1 -SUBDOMAIN=${2^^} # Convert to uppercase for consistency (YES/NO) - -# Validate SUBDOMAIN parameter -if [[ "$SUBDOMAIN" != "YES" && "$SUBDOMAIN" != "NO" ]]; then - echo "Invalid parameter for SUBDOMAIN. Use YES or NO." - exit 1 -fi - -# Prepare entries for SpamAssassin -WHITELIST_ENTRY_MAIN="*@${DOMAIN}" -WHITELIST_ENTRY_SUB="*.$DOMAIN" -BLACKLIST_ENTRY_MAIN="*@${DOMAIN}" -BLACKLIST_ENTRY_SUB="*.$DOMAIN" - -#----------------------------------------------------------# -# SpamAssassin Whitelist # -#----------------------------------------------------------# - -echo "Updating $SPAMASSASSIN_FILE..." - -# Check if the domain is already blacklisted -if check_blacklist_exists "$DOMAIN" "$SPAMASSASSIN_FILE"; then - echo "Cannot whitelist $DOMAIN. It is already blacklisted." - exit 1 -fi - -# Add the main entry -if ! check_whitelist_exists "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE"; then - add_whitelist_to_file "$WHITELIST_ENTRY_MAIN" "$SPAMASSASSIN_FILE" - echo "Added whitelist_from $WHITELIST_ENTRY_MAIN to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true -else - echo "whitelist_from $WHITELIST_ENTRY_MAIN already exists in $SPAMASSASSIN_FILE." -fi - -# Add the subdomain entry if needed -if [ "$SUBDOMAIN" == "YES" ]; then - if ! check_whitelist_exists "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE"; then - add_whitelist_to_file "$WHITELIST_ENTRY_SUB" "$SPAMASSASSIN_FILE" - echo "Added whitelist_from $WHITELIST_ENTRY_SUB to $SPAMASSASSIN_FILE." - SPAMASSASSIN_CHANGED=true - else - echo "whitelist_from $WHITELIST_ENTRY_SUB already exists in $SPAMASSASSIN_FILE." - fi -fi - -# Restart SpamAssassin only if changes were made -if [ "$SPAMASSASSIN_CHANGED" == "true" ]; then - systemctl restart "$SPAMD_SERVICE" - echo "SpamAssassin service ($SPAMD_SERVICE) restarted." -fi - -#----------------------------------------------------------# -# Done # -#----------------------------------------------------------# - -exit 0 diff --git a/func/bash-to-php-interpreter.php b/func/bash-to-php-interpreter.php index b437c3c9..4c1e9dc5 100644 --- a/func/bash-to-php-interpreter.php +++ b/func/bash-to-php-interpreter.php @@ -7,22 +7,13 @@ else $SHLVL=3; if (!isset($argv)) exit(5); -$argv_start=1; -$STDIN_ENABLED=false; -if ($argv[1]=='--stdin') { - $STDIN_ENABLED=true; - $argv_start++; -} - +stream_set_blocking(STDIN, false); $myvesta_stdin=''; -if ($STDIN_ENABLED==true) { - stream_set_blocking(STDIN, false); - $myvesta_f = fopen( 'php://stdin', 'r' ); - while( $myvesta_line = fgets( $myvesta_f ) ) { - $myvesta_stdin .= $myvesta_line; - } - fclose( $myvesta_f ); +$myvesta_f = fopen( 'php://stdin', 'r' ); +while( $myvesta_line = fgets( $myvesta_f ) ) { + $myvesta_stdin .= $myvesta_line; } +fclose( $myvesta_f ); include ("/usr/local/vesta/func/main.php"); include ("/usr/local/vesta/func/string.php"); @@ -30,9 +21,9 @@ include ("/usr/local/vesta/func/string.php"); $counter=count($argv); if ($counter<2) myvesta_throw_error(2, 'Function is missing'); -$func=$argv[$argv_start]; +$func=$argv[1]; if (!function_exists($func)) { - $func="myvesta_".$argv[$argv_start]; + $func="myvesta_".$argv[1]; if (!function_exists($func)) myvesta_throw_error(2, 'Function does not exists'); } @@ -45,12 +36,10 @@ $params=array(); $added=0; $stdin_content=''; $myvesta_stdin_from_file=''; -$myvesta_stdin_return_not_found=false; + $myvesta_stdin_return_not_found=false; if ($myvesta_stdin!='' && $insert_stdin_at_position===false) {$params[]=$myvesta_stdin; $added++;} -$argv_start++; - -for ($i=$argv_start; $i<$counter; $i++) { +for ($i=2; $i<$counter; $i++) { $argv[$i]=myvesta_fix_backslashes($argv[$i]); //if ($insert_stdin_at_position!==false && $myvesta_stdin=='') if ($insert_stdin_at_position==$added) {$stdin_content=$argv[$i]; $added++; continue;} $params[]=$argv[$i]; @@ -59,7 +48,7 @@ for ($i=$argv_start; $i<$counter; $i++) { //print_r($params); exit; if ($insert_stdin_at_position!=false) { - if ($myvesta_stdin=='' && isset($params[$insert_stdin_at_position])) { + if ($myvesta_stdin=='') { $file_or_stdin=$params[$insert_stdin_at_position]; if (!file_exists($file_or_stdin)) { $myvesta_stdin_return_not_found=true; diff --git a/func/db.sh b/func/db.sh index 7e4f4d97..20230fec 100644 --- a/func/db.sh +++ b/func/db.sh @@ -29,9 +29,6 @@ mysql_connect() { mysql --defaults-file=$mycnf -e 'SELECT VERSION()' > $mysql_out 2>&1 if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then - subj="Error: Connection to $HOST failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo -e "Can't connect to MySQL $HOST\n$(cat $mysql_out)" |\ $SENDMAIL -s "$subj" $email fi @@ -58,13 +55,10 @@ mysql_query() { mysql_dump() { err="/tmp/e.mysql" - mysqldump --defaults-file=$mycnf --complete-insert --force --quick --single-transaction --max-allowed-packet=1024MB -r $1 $2 2> $err + mysqldump --defaults-file=$mycnf --single-transaction --max_allowed_packet=100M -r $1 $2 2> $err if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then - subj="Error: dump $database failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo -e "Can't dump database $database\n$(cat $err)" |\ $SENDMAIL -s "$subj" $email fi @@ -88,9 +82,6 @@ psql_connect() { psql -h $HOST -U $USER -c "SELECT VERSION()" > /dev/null 2>/tmp/e.psql if [ '0' -ne "$?" ]; then if [ "$notify" != 'no' ]; then - subj="Error: Connection to $HOST failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo -e "Can't connect to PostgreSQL $HOST\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi @@ -112,9 +103,6 @@ psql_dump() { if [ '0' -ne "$?" ]; then rm -rf $tmpdir if [ "$notify" != 'no' ]; then - subj="Error: dump $database failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo -e "Can't dump database $database\n$(cat /tmp/e.psql)" |\ $SENDMAIL -s "$subj" $email fi diff --git a/func/main.php b/func/main.php index 4628c92a..22834d42 100644 --- a/func/main.php +++ b/func/main.php @@ -53,7 +53,6 @@ function myvesta_check_args ($requried_arguments, $arguments) { $argument_counter=count($argv); $argument_counter--; $argv[0]=str_replace('/usr/local/vesta/bin/', '', $argv[0]); - $command=$argv[0]; // myvesta_echo ( "-------------------- ".$argv[0]." --------------------\n"); if ($argument_counter<$requried_arguments) { $arguments=str_replace(" ", "' '", $arguments); diff --git a/func/main.sh b/func/main.sh index 4dfc087b..10de469a 100644 --- a/func/main.sh +++ b/func/main.sh @@ -254,9 +254,6 @@ is_object_unsuspended() { spnd=$(grep "$2='$3'" $USER_DATA/$1.conf |grep "SUSPENDED='yes'") fi if [ ! -z "$spnd" ]; then - if [ ! -z "$VERBOSE_MODE" ]; then - echo "Error: $(basename $1) $3 is suspended" - fi check_result $E_SUSPENDED "$(basename $1) $3 is suspended" fi } @@ -362,17 +359,6 @@ search_objects() { IFS="$OLD_IFS" } -# List objects -list_objects() { - OLD_IFS="$IFS" - IFS=$'\n' - for line in $(cat $USER_DATA/$1.conf); do - eval $line - eval echo \$$2 - done - IFS="$OLD_IFS" -} - # Get user value get_user_value() { grep "^${1//$/}=" $USER_DATA/user.conf |awk -F "'" '{print $2}' @@ -1157,105 +1143,3 @@ check_if_service_exists() { echo "0" fi } - -# Parsing config variables with key='value' and key="value" pairs and setting them as variables, without using Perl. -# Inspired by HestiaCP function and improved -parse_object_kv_list_non_eval() { - # Let's combine all the parameters into one string, replace the new lines with a space - local str="${*//$'\n'/ }" - str=${str//\\\'/---QUOTE---} - str=${str//\\\"/---DQUOTE---} - local backup_str=$str - - local key val match i length length_val prefix position cut - i=0 - # Searching for key='value' blocks - # Loop until we find the next key='value' - while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\'([^\']*)\' ]]; do - key="${BASH_REMATCH[1]}" - val="${BASH_REMATCH[2]}" - match="${BASH_REMATCH[0]}" - length=${#match} - length_val=${#match} - - # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) - if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then - check_result "$E_INVALID" "Invalid key format [$key]" - fi - - # Declaring a global variable - val=${val/---QUOTE---/\\\'} - val=${val/---DQUOTE---/\\\"} - declare -g "$key"="$val" - - # Let's remove the processed part from str to continue - prefix=${str%%"$key="*} - position=${#prefix} - cut=$((position + 1 + length_val)) - str=${str:cut} - ((i++)) - if [ $i -eq 100 ]; then - check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" - fi - done - - # Terminate function if we don't expect strings with double apostrophes - if [ -z "$PARSE_DOUBLE_QUOTES_VAR" ]; then - return; - fi - - # Searching for key="value" blocks - str=$backup_str - i=0 - # Loop until we find the next key="value" - while [[ $str =~ ([A-Za-z][[:alnum:]_]*)=\"([^\"]*)\" ]]; do - key="${BASH_REMATCH[1]}" - val="${BASH_REMATCH[2]}" - match="${BASH_REMATCH[0]}" - length=${#match} - length_val=${#match} - - # Key validation: alphanumeric, length 2–66 (key must start and end with a letter/number) - if ! [[ "$key" =~ ^[[:alnum:]][_[:alnum:]]{0,64}[[:alnum:]]$ ]]; then - check_result "$E_INVALID" "Invalid key format [$key]" - fi - - # Declaring a global variable - val=${val/---QUOTE---/\\\'} - val=${val/---DQUOTE---/\\\"} - declare -g "$key"="$val" - - # Let's remove the processed part from str to continue - prefix=${str%%"$key="*} - position=${#prefix} - cut=$((position + 1 + length_val)) - str=${str:cut} - ((i++)) - if [ $i -eq 100 ]; then - check_result "$E_INVALID" "Potentially conf-parsing infinite loop detected" - fi - done -} - -# Return OK (0) if domain is unsupended -# Parameters: -# $1 - user -# $2 - domain -return_ok_if_domain_is_unsuspended() { - spnd=$(grep "DOMAIN='$2'" /usr/local/vesta/data/users/$1/web.conf | grep "SUSPENDED='yes'") - if [ ! -z "$spnd" ]; then - return $E_SUSPENDED - fi - return $OK -} - -# Return OK (0) if user is unsupended -# Parameters: -# $1 - user -return_ok_if_user_is_unsuspended() { - spnd=$(cat /usr/local/vesta/data/users/$1/user.conf | grep "SUSPENDED='yes'") - if [ ! -z "$spnd" ]; then - return $E_SUSPENDED - fi - return $OK -} diff --git a/func/rebuild.sh b/func/rebuild.sh index ae267e8b..b4a5f73d 100644 --- a/func/rebuild.sh +++ b/func/rebuild.sh @@ -610,9 +610,6 @@ rebuild_pgsql_database() { if [ -z $HOST ] || [ -z $USER ] || [ -z $PASSWORD ] || [ -z $TPL ]; then echo "Error: postgresql config parsing failed" if [ ! -z "$SENDMAIL" ]; then - subj="Error: postgresql config parsing failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo "Can't parse PostgreSQL config" | $SENDMAIL -s "$subj" $email fi log_event "$E_PARSING" "$ARGUMENTS" @@ -624,9 +621,6 @@ rebuild_pgsql_database() { if [ '0' -ne "$?" ]; then echo "Error: Connection failed" if [ ! -z "$SENDMAIL" ]; then - subj="Error: Connection failed" - email=$($BIN/v-get-user-value admin CONTACT) - echo "Database connection to PostgreSQL host $HOST failed" |\ $SENDMAIL -s "$subj" $email fi diff --git a/install/debian/10/exim/dnsbl.conf b/install/debian/10/exim/dnsbl.conf index 279bafcd..5166b255 100644 --- a/install/debian/10/exim/dnsbl.conf +++ b/install/debian/10/exim/dnsbl.conf @@ -1 +1,2 @@ bl.spamcop.net +zen.spamhaus.org diff --git a/install/debian/10/templates/web/awstats/awstats.tpl b/install/debian/10/templates/web/awstats/awstats.tpl index 6bb51c50..9a92e0fd 100755 --- a/install/debian/10/templates/web/awstats/awstats.tpl +++ b/install/debian/10/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" +SkipHosts="127.0.0.1 SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/10/templates/web/nginx/private-hosting.sh b/install/debian/10/templates/web/nginx/private-hosting.sh index eeed37ef..abc9155d 100755 --- a/install/debian/10/templates/web/nginx/private-hosting.sh +++ b/install/debian/10/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/11/exim/dnsbl.conf b/install/debian/11/exim/dnsbl.conf index 279bafcd..5166b255 100644 --- a/install/debian/11/exim/dnsbl.conf +++ b/install/debian/11/exim/dnsbl.conf @@ -1 +1,2 @@ bl.spamcop.net +zen.spamhaus.org diff --git a/install/debian/11/exim/exim4.conf.template b/install/debian/11/exim/exim4.conf.template index 3f09a2e8..cbc2e75f 100644 --- a/install/debian/11/exim/exim4.conf.template +++ b/install/debian/11/exim/exim4.conf.template @@ -322,7 +322,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = + hosts_try_fastopen = !*.l.google.com hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/11/exim/exim4.conf.template-RC b/install/debian/11/exim/exim4.conf.template-RC index 82b97d4e..5a4d0414 100644 --- a/install/debian/11/exim/exim4.conf.template-RC +++ b/install/debian/11/exim/exim4.conf.template-RC @@ -353,7 +353,7 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = + hosts_try_fastopen = !*.l.google.com hosts_try_chunking = !93.188.3.0/24 procmail: diff --git a/install/debian/11/templates/web/awstats/awstats.tpl b/install/debian/11/templates/web/awstats/awstats.tpl index 6bb51c50..9a92e0fd 100755 --- a/install/debian/11/templates/web/awstats/awstats.tpl +++ b/install/debian/11/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" +SkipHosts="127.0.0.1 SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/11/templates/web/nginx/private-hosting.sh b/install/debian/11/templates/web/nginx/private-hosting.sh index eeed37ef..abc9155d 100755 --- a/install/debian/11/templates/web/nginx/private-hosting.sh +++ b/install/debian/11/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/12/exim/dnsbl.conf b/install/debian/12/exim/dnsbl.conf index 279bafcd..5166b255 100644 --- a/install/debian/12/exim/dnsbl.conf +++ b/install/debian/12/exim/dnsbl.conf @@ -1 +1,2 @@ bl.spamcop.net +zen.spamhaus.org diff --git a/install/debian/12/exim/exim4.conf.template b/install/debian/12/exim/exim4.conf.template index 15264797..27fca98a 100644 --- a/install/debian/12/exim/exim4.conf.template +++ b/install/debian/12/exim/exim4.conf.template @@ -13,8 +13,6 @@ add_environment=<; PATH=/bin:/usr/bin keep_environment= smtputf8_advertise_hosts = -SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} - #local_interfaces = 0.0.0.0 #smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} #smtp_banner = "$smtp_active_hostname ESMTP $tod_full" @@ -147,7 +145,6 @@ acl_check_rcpt: warn !authenticated = * hosts = !+relay_from_hosts - condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} set acl_m3 = yes @@ -270,11 +267,8 @@ begin routers dnslookup: driver = dnslookup - # if outbound, and forwarding has been done, use an alternate transport - domains = ! +local_domains - transport = ${if eq {$local_part@$domain} \ - {$original_local_part@$original_domain} \ - {remote_smtp} {remote_forwarded_smtp}} + domains = !+local_domains + transport = remote_smtp no_more localuser_spam: @@ -311,23 +305,6 @@ autoreplay: transport = userautoreply unseen -inbound_srs: - driver = redirect - senders = : - domains = +local_domains - # detect inbound bounces which are converted to SRS, and decode them - condition = ${if inbound_srs {$local_part} {SRS_SECRET}} - data = $srs_recipient - -inbound_srs_failure: - driver = redirect - senders = : - domains = +local_domains - # detect inbound bounces which look converted to SRS but are invalid - condition = ${if inbound_srs {$local_part} {}} - allow_fail - data = :fail: Invalid SRS recipient address - aliases: driver = redirect headers_add = X-redirected: yes @@ -376,23 +353,8 @@ remote_smtp: dkim_private_key = DKIM_PRIVATE_KEY dkim_canon = relaxed dkim_strict = 0 - hosts_try_fastopen = + hosts_try_fastopen = !*.l.google.com hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - -remote_forwarded_smtp: - driver = smtp - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = - hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - # modify the envelope from, for mails that we forward - max_rcpt = 1 - return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} procmail: driver = pipe diff --git a/install/debian/12/exim/exim4.conf.template.without-srs b/install/debian/12/exim/exim4.conf.template.without-srs deleted file mode 100644 index 78eda468..00000000 --- a/install/debian/12/exim/exim4.conf.template.without-srs +++ /dev/null @@ -1,451 +0,0 @@ -###################################################################### -# # -# Exim configuration file for Vesta Control Panel # -# # -###################################################################### - -#SPAMASSASSIN = yes -#SPAM_SCORE = 50 -#CLAMD = yes - -disable_ipv6=true -add_environment=<; PATH=/bin:/usr/bin -keep_environment= -smtputf8_advertise_hosts = - -#local_interfaces = 0.0.0.0 -#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} -#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" - -domainlist local_domains = dsearch;/etc/exim4/domains/ -domainlist relay_to_domains = dsearch;/etc/exim4/domains/ -hostlist relay_from_hosts = 127.0.0.1 -hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf -hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf -no_local_from_check -untrusted_set_sender = * -acl_smtp_connect = acl_check_spammers -acl_smtp_mail = acl_check_mail -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data -acl_smtp_mime = acl_check_mime - -LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 -LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 -LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 -LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 - -recipients_max = 150 -recipients_max_reject = true - -# log_selector = +smtp_connection -smtp_accept_max = 50 -smtp_accept_max_per_host = 4 - -.ifdef SPAMASSASSIN -spamd_address = 127.0.0.1 783 -.endif - -.ifdef CLAMD -av_scanner = clamd: /var/run/clamav/clamd.ctl -.endif - -tls_advertise_hosts = * -tls_certificate = /usr/local/vesta/ssl/certificate.crt -tls_privatekey = /usr/local/vesta/ssl/certificate.key - -daemon_smtp_ports = 25 : 465 : 587 : 2525 -tls_on_connect_ports = 465 -never_users = root -host_lookup = * -rfc1413_hosts = * -rfc1413_query_timeout = 0s -ignore_bounce_errors_after = 2d -timeout_frozen_after = 7d - -DKIM_DOMAIN = ${lc:${domain:$h_from:}} -DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem -DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} - - - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### - -acl_not_smtp = acl_not_smtp - -begin acl - -acl_not_smtp: - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = yes - - accept - -acl_check_spammers: - accept hosts = +whitelist - - drop message = Your host in blacklist on this server. - log_message = Host in blacklist - hosts = +spammers - - accept - - -acl_check_mail: - deny condition = ${if eq{$sender_helo_name}{}} - message = HELO required before MAIL - - drop !authenticated = * - message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid - condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} - delay = 45s - - drop !authenticated = * - condition = ${if isip{$sender_helo_name}} - message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - - drop !authenticated = * - condition = ${if eq{[$interface_address]}{$sender_helo_name}} - message = $interface_address is _my_ address - - accept - - -acl_check_rcpt: - accept hosts = : - - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = no - - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - set acl_m3 = yes - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - - require verify = sender - - accept hosts = +relay_from_hosts - control = submission - - accept authenticated = * - control = submission/domain= - - deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - hosts = !+whitelist - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - deny message = smtp auth requried - sender_domains = +local_domains - !authenticated = * - - require verify = recipient - -.ifdef CLAMD - warn set acl_m0 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} - set acl_m0 = yes -.endif - -.ifdef SPAMASSASSIN - warn set acl_m1 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} - set acl_m1 = yes -.endif - - accept - - -acl_check_data: - - deny senders = /etc/exim4/deny_senders - -.ifdef CLAMD - deny message = Message contains a virus ($malware_name) and has been rejected - malware = */defer_ok - condition = ${if eq{$acl_m0}{yes}{yes}{no}} -.endif - -.ifdef SPAMASSASSIN - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if < {$message_size}{600K}} - condition = ${if eq{$acl_m1}{yes}{yes}{no}} - spam = nobody:true/defer_ok - add_header = X-Spam-Score: $spam_score_int - add_header = X-Spam-Bar: $spam_bar - add_header = X-Spam-Report: $spam_report - set acl_m2 = $spam_score_int - - warn condition = ${if !eq{$acl_m2}{} {yes}{no}} - condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} - add_header = X-Spam-Status: Yes - message = SpamAssassin detected spam (from $sender_address to $recipients). -.endif - - accept - - -acl_check_mime: - deny message = Blacklisted file extension detected - condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} - - accept - - - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### -begin authenticators - -dovecot_plain: - driver = dovecot - public_name = PLAIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - -dovecot_login: - driver = dovecot - public_name = LOGIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - - - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -begin routers - -#smarthost: -# driver = manualroute -# domains = ! +local_domains -# transport = remote_smtp -# route_list = * smartrelay.vestacp.com -# no_more -# no_verify - -dnslookup: - driver = dnslookup - domains = !+local_domains - transport = remote_smtp - no_more - -localuser_spam: - driver = accept - transport = local_spam_delivery - condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} - -userforward: - driver = redirect - check_local_user - file = $home/.forward - require_files = ${local_part}:+${home}/.forward - domains = +local_domains - allow_filter - no_verify - no_expn - check_ancestor - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply - -procmail: - driver = accept - check_local_user - require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail - transport = procmail - no_verify - -autoreplay: - driver = accept - require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg - condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} - retry_use_local_part - transport = userautoreply - unseen - -aliases: - driver = redirect - headers_add = X-redirected: yes - data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - require_files = /etc/exim4/domains/$domain/aliases - redirect_router = dnslookup - pipe_transport = address_pipe - unseen - -localuser_fwd_only: - driver = accept - transport = devnull - condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} - -localuser: - driver = accept - transport = local_delivery - condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} - -catchall: - driver = redirect - headers_add = X-redirected: yes - require_files = /etc/exim4/domains/$domain/aliases - data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - file_transport = local_delivery - redirect_router = dnslookup - -terminate_alias: - driver = accept - transport = devnull - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - - - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -begin transports - -remote_smtp: - driver = smtp - #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} - #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = - hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - -procmail: - driver = pipe - command = "/usr/bin/procmail -d $local_part" - return_path_add - delivery_date_add - envelope_to_add - user = $local_part - initgroups - return_output - -local_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_warn_threshold = 75% - -local_spam_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota_warn_threshold = 75% - -address_pipe: - driver = pipe - return_output - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - -address_reply: - driver = autoreply - -userautoreply: - driver = autoreply - file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg - from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" - headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit - subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" - to = "${sender_address}" - -devnull: - driver = appendfile - file = /dev/null - - - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### -begin retry - -# Address or Domain Error Retries -# ----------------- ----- ------- -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### -begin rewrite - - - -###################################################################### diff --git a/install/debian/12/templates/web/awstats/awstats.tpl b/install/debian/12/templates/web/awstats/awstats.tpl index 6bb51c50..9a92e0fd 100755 --- a/install/debian/12/templates/web/awstats/awstats.tpl +++ b/install/debian/12/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" +SkipHosts="127.0.0.1 SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/12/templates/web/nginx/private-hosting.sh b/install/debian/12/templates/web/nginx/private-hosting.sh index eeed37ef..abc9155d 100755 --- a/install/debian/12/templates/web/nginx/private-hosting.sh +++ b/install/debian/12/templates/web/nginx/private-hosting.sh @@ -1,11 +1,11 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 +#!/bin/bash +# Changing public_html permission +user="$1" +domain="$2" +ip="$3" +home_dir="$4" +docroot="$5" + +chmod 755 $docroot + +exit 0 diff --git a/install/debian/13/apache2/apache2.conf b/install/debian/13/apache2/apache2.conf deleted file mode 100644 index 2be3e50d..00000000 --- a/install/debian/13/apache2/apache2.conf +++ /dev/null @@ -1,95 +0,0 @@ -# It is split into several files forming the configuration hierarchy outlined -# below, all located in the /etc/apache2/ directory: -# -# /etc/apache2/ -# |-- apache2.conf -# | `-- ports.conf -# |-- mods-enabled -# | |-- *.load -# | `-- *.conf -# |-- conf.d -# | `-- * - -# Global configuration -PidFile ${APACHE_PID_FILE} -Timeout 900 -ProxyTimeout 900 -KeepAlive Off -MaxKeepAliveRequests 100 -KeepAliveTimeout 10 - - - StartServers 8 - MinSpareServers 5 - MaxSpareServers 20 - ServerLimit 256 - MaxClients 200 - MaxRequestsPerChild 4000 - - - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 200 - MaxRequestsPerChild 4000 - - - - StartServers 2 - MinSpareThreads 25 - MaxSpareThreads 75 - ThreadLimit 64 - ThreadsPerChild 25 - MaxClients 200 - MaxRequestsPerChild 4000 - - -# These need to be set in /etc/apache2/envvars -User ${APACHE_RUN_USER} -Group ${APACHE_RUN_GROUP} -#User www-data -#Group www-data - -AccessFileName .htaccess - - - Order allow,deny - Deny from all - Satisfy all - - -DefaultType None -HostnameLookups Off - -ErrorLog ${APACHE_LOG_DIR}/error.log -LogLevel warn - -# Include module configuration: -Include mods-enabled/*.load -Include mods-enabled/*.conf - -# Include list of ports to listen on and which to use for name based vhosts -Include ports.conf - -LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined -LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %O" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent -LogFormat "%b" bytes - -Include conf.d/ - -# Include the virtual host configurations: -#Include sites-enabled/ - -ErrorDocument 403 /error/403.html -ErrorDocument 404 /error/404.html -ErrorDocument 500 /error/50x.html -ErrorDocument 501 /error/50x.html -ErrorDocument 502 /error/50x.html -ErrorDocument 503 /error/50x.html -ErrorDocument 506 /error/50x.html diff --git a/install/debian/13/apache2/status.conf b/install/debian/13/apache2/status.conf deleted file mode 100644 index 0d82a356..00000000 --- a/install/debian/13/apache2/status.conf +++ /dev/null @@ -1,8 +0,0 @@ -Listen 127.0.0.1:8081 - - SetHandler server-status - Order deny,allow - Deny from all - Allow from 127.0.0.1 - # Allow from all - diff --git a/install/debian/13/bind/named.conf b/install/debian/13/bind/named.conf deleted file mode 100644 index ed6ece88..00000000 --- a/install/debian/13/bind/named.conf +++ /dev/null @@ -1,12 +0,0 @@ -// This is the primary configuration file for the BIND DNS server named. -// -// Please read /usr/share/doc/bind9/README.Debian.gz for information on the -// structure of BIND configuration files in Debian, *BEFORE* you customize -// this configuration file. -// -// If you are just adding zones, please do that in /etc/bind/named.conf.local - -include "/etc/bind/named.conf.options"; -include "/etc/bind/named.conf.local"; -include "/etc/bind/named.conf.default-zones"; - diff --git a/install/debian/13/clamav/clamd.conf b/install/debian/13/clamav/clamd.conf deleted file mode 100644 index c636b6d3..00000000 --- a/install/debian/13/clamav/clamd.conf +++ /dev/null @@ -1,61 +0,0 @@ -#Automatically Generated by clamav-base postinst -#To reconfigure clamd run #dpkg-reconfigure clamav-base -#Please read /usr/share/doc/clamav-base/README.Debian.gz for details -LocalSocket /var/run/clamav/clamd.ctl -FixStaleSocket true -LocalSocketGroup clamav -LocalSocketMode 666 -# TemporaryDirectory is not set to its default /tmp here to make overriding -# the default with environment variables TMPDIR/TMP/TEMP possible -User clamav -# AllowSupplementaryGroups true -ScanMail true -ScanArchive true -ArchiveBlockEncrypted false -MaxDirectoryRecursion 15 -FollowDirectorySymlinks false -FollowFileSymlinks false -ReadTimeout 180 -MaxThreads 12 -MaxConnectionQueueLength 15 -LogSyslog false -LogFacility LOG_LOCAL6 -LogClean true -LogVerbose true -PidFile /var/run/clamav/clamd.pid -DatabaseDirectory /var/lib/clamav -SelfCheck 3600 -Foreground false -Debug false -ScanPE true -ScanOLE2 true -ScanHTML true -ExitOnOOM false -LeaveTemporaryFiles false -AlgorithmicDetection true -ScanELF true -IdleTimeout 30 -PhishingSignatures true -PhishingScanURLs true -PhishingAlwaysBlockSSLMismatch false -PhishingAlwaysBlockCloak false -DetectPUA false -ScanPartialMessages false -HeuristicScanPrecedence false -StructuredDataDetection false -CommandReadTimeout 5 -SendBufTimeout 200 -MaxQueue 100 -ExtendedDetectionInfo true -OLE2BlockMacros false -StreamMaxLength 2M -MaxFileSize 2M -LogFile /var/log/clamav/clamav.log -LogTime true -LogFileUnlock false -LogFileMaxSize 0 -Bytecode true -BytecodeSecurity TrustSigned -BytecodeTimeout 60000 -OfficialDatabaseOnly false -CrossFilesystems true diff --git a/install/debian/13/deb_signing.key b/install/debian/13/deb_signing.key deleted file mode 100644 index d279abbd..00000000 --- a/install/debian/13/deb_signing.key +++ /dev/null @@ -1,41 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- - -mQGNBGDsPogBDADT7jiPewIuavqJZJMZ18c+kEC8N+/EK15k9zdBvcluxZ7gb5D6 -sKT3fVmLWD49mux+OoFs8DJH1LkpFe2Ax58NVMgDwCNUtcqeR8eB6nEWpZLjzJhZ -RD5+ZpUaX/emXrr7mxJ1SvT8PgWWerl2ZuPSlpPm4Ls6JO53AvPAsUVgMTHkfHNj -4/GqKtORkanzBwimC0bcB3BBRLH/kiW/TNi3hQnR5GYIaKWrc8oGpHHqX5BNw72O -JTSqTj8OZXKG7US6cXgBQuLN68sKd9TIy2HZdTKlqR1yQyc2BiPwVYDrJemM72VT -kuW0qbsOwji7rG2B6Pg1yggWXpB8Znczzi8AfzoFgXeOTi/hzcaf3YnAxfeL1Ofq -aOW+ReqsF1wxpgVwNj0DVquPTqzd4uCIGNNGGHhlIR434FyA4YNfxK63YxZS5SAR -leQGTUtBRdh1SOKPDZMcSlJ3wEfHKbp72qmnLdqUkGl//FZsCDdPFxx3wDCPPS2e -++g3ImqeaQ553nUAEQEAAbQhbXlWZXN0YSB0ZWFtIDxpbmZvQG15dmVzdGFjcC5j -b20+iQHOBBMBCgA4FiEEDcdTLoRXCPbKaPuqiIB9SyIhM4wFAmDsPogCGwMFCwkI -BwIGFQoJCAsCBBYCAwECHgECF4AACgkQiIB9SyIhM4yADAv+M62/6N+uFx9Izbj5 -HxZCzLEgvlQzdQcLJPDwFWYByVRiQRkRJWt5kqwNpndWoDo5zEtyKn3Yulbj6zyy -UqYhN0ctXyaFjKFIHIqrrz9P9AF2uGr17rTWbnRpjlMSkDSmUGXNEKO7gMtKiTo3 -olWldDELuM0MQddwMGgnqZPb3/Z+om68U1/6NS8A5hAHL+HuwcKGFZpFRJYXSOLY -lIpHyicifvkRAMkPp025Y3Who3EZMWq3Bpo78djtxfA4CoUn+OH64Hn0llkJ3vU6 -bM+KuC2ZrkHrzcqZbPbYnmEmVD1rkxVoOgzqE76fAY2I6YFY09uhdg0FbZeeMjA+ -DReBwINRFYsk6/maY7Zc82clfc7+vr3xmR+f+KEiUCU4mI72PnlU9LT9RuoCkKbo -znUZo+Xj6ezM6lCKGnOmqhvQmWR+hdsn1zX1ufxPA5uQyeFfR5VpAjvDOFykPA93 -3Et0ZdrKB2U6jjlGzWhsCkYphF7M0DVIRPOm1xLUJvLx+zB+uQGNBGDsPogBDADG -rJuQBsLJ6MWAGLydwaIBttwG3GOysSsQ1P09mbeOqiyCaWfEladePorTpKsbOHA/ -USAfjN8Eik81Un1Kik6rYU8ieGERKpCMiBkcNLQH/DnYyCNT5oaGqXtIQ+5GNn71 -mt7sLmf0yL3C320RJa8KSP+rAaey4ttLyl7rM1q8RPmlsRSxVjeiMw01i6cXmA1G -EJDuRbXdzDuo5utHDBMHgN0T0g8kgoTX9G2uwUTnJm9qzW2Lg3d4xoe2+H5/86Qm -0lVl5vLSMEPl01NcoTVgQpGO/yR3nJ4ubMkkbzCM0e0MByHqOKJ2LfW77BcvcoXg -coa7tF+6DZBB4UGyb1VuSZJoVOYN2tnSj2/taPk0yHJf/tLvNm/hVHEvXNXk09hy -fne0FZmHKwwp0TGSC8tzsHPRSbIOazifIC8pdN4fPTQyfI9tKxi26opCIAHHkcTr -7VOUvUNyAGVB9TU/nmzpvkv8BLCKSQM1FxUQ0owgFtrtIoMVxkYG5hb6EjAHyUcA -EQEAAYkBtgQYAQoAIBYhBA3HUy6EVwj2ymj7qoiAfUsiITOMBQJg7D6IAhsMAAoJ -EIiAfUsiITOMR40MALn5sqKFZ9FMe7982XMamanjPqO3Odi5/9rUXYKbJGjsaSof -lSC3OtqnRTVGE6KEuYErCKCpAk2ZvEf5eQHi264fC255zuxWihdcEQpiPK1DdlN3 -m9JNp/4Pns38Nn/zG3cFQuDEvDsC75xmxN7pi+ZkokodwA0PgaiMVh5mSos+Mc/G -fLcEes21xVk2DQ3Vw6p1P/39uujBPZ3J2unWBqv0rCFEpwgXm/d80Y0x31tq0ToZ -hf1r/GcoB6rC3sSAtUykrTZUaRv57BouvnAP9zfFlFSrYpJZ5L9/IawBH+O9yUu2 -N1jGq9eJ/RwHG1lKUBJd6wCWz1ZKzxnaoH9CfRC/aG9vRQWLSjiHCl2cnNDxElKx -JOT7RUjxlri4zvxdum49Vr8iEpjUFXzhRYq79SsmqkLuXZYQnccNFAdde8ZcPpKA -zhfavTutAPNJRyg9hbwxQYUH6N1i5J7ZZsqHB/GIBaSReXroacHjFYcU6uiBt/da -qiC8NLvRaE3PVkma9Q== -=RAbI ------END PGP PUBLIC KEY BLOCK----- diff --git a/install/debian/13/dovecot/conf.d/10-auth.conf b/install/debian/13/dovecot/conf.d/10-auth.conf deleted file mode 100644 index dfcc8311..00000000 --- a/install/debian/13/dovecot/conf.d/10-auth.conf +++ /dev/null @@ -1,4 +0,0 @@ -disable_plaintext_auth = no -auth_verbose = yes -auth_mechanisms = plain login -!include auth-passwdfile.conf.ext diff --git a/install/debian/13/dovecot/conf.d/10-logging.conf b/install/debian/13/dovecot/conf.d/10-logging.conf deleted file mode 100644 index a5f207d5..00000000 --- a/install/debian/13/dovecot/conf.d/10-logging.conf +++ /dev/null @@ -1 +0,0 @@ -log_path = /var/log/dovecot.log diff --git a/install/debian/13/dovecot/conf.d/10-mail.conf b/install/debian/13/dovecot/conf.d/10-mail.conf deleted file mode 100644 index 55313419..00000000 --- a/install/debian/13/dovecot/conf.d/10-mail.conf +++ /dev/null @@ -1,4 +0,0 @@ -mail_privileged_group = mail -mail_access_groups = mail -mail_location = maildir:%h/mail/%d/%n -pop3_uidl_format = %08Xu%08Xv diff --git a/install/debian/13/dovecot/conf.d/10-master.conf b/install/debian/13/dovecot/conf.d/10-master.conf deleted file mode 100644 index a75a9aaa..00000000 --- a/install/debian/13/dovecot/conf.d/10-master.conf +++ /dev/null @@ -1,29 +0,0 @@ -service imap-login { - inet_listener imap { - } - inet_listener imaps { - } -} - -service pop3-login { - inet_listener pop3 { - } - inet_listener pop3s { - } -} - - -service imap { -} - -service pop3 { -} - -service auth { - unix_listener auth-client { - group = mail - mode = 0660 - user = dovecot - } - user = dovecot -} diff --git a/install/debian/13/dovecot/conf.d/10-ssl.conf b/install/debian/13/dovecot/conf.d/10-ssl.conf deleted file mode 100644 index 3aaff6ee..00000000 --- a/install/debian/13/dovecot/conf.d/10-ssl.conf +++ /dev/null @@ -1,3 +0,0 @@ -ssl = yes -ssl_cert = = 2.1.4) : %v.%u - # Dovecot v0.99.x : %v.%u - # tpop3d : %Mf - # - # Note that Outlook 2003 seems to have problems with %v.%u format which was - # Dovecot's default, so if you're building a new server it would be a good - # idea to change this. %08Xu%08Xv should be pretty fail-safe. - # - #pop3_uidl_format = %08Xu%08Xv - - # Permanently save UIDLs sent to POP3 clients, so pop3_uidl_format changes - # won't change those UIDLs. Currently this works only with Maildir. - #pop3_save_uidl = no - - # What to do about duplicate UIDLs if they exist? - # allow: Show duplicates to clients. - # rename: Append a temporary -2, -3, etc. counter after the UIDL. - #pop3_uidl_duplicates = allow - - # POP3 logout format string: - # %i - total number of bytes read from client - # %o - total number of bytes sent to client - # %t - number of TOP commands - # %p - number of bytes sent to client as a result of TOP command - # %r - number of RETR commands - # %b - number of bytes sent to client as a result of RETR command - # %d - number of deleted messages - # %m - number of messages (before deletion) - # %s - mailbox size in bytes (before deletion) - # %u - old/new UIDL hash. may help finding out if UIDLs changed unexpectedly - #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s - - # Maximum number of POP3 connections allowed for a user from each IP address. - # NOTE: The username is compared case-sensitively. - mail_max_userip_connections = 50 - - # Space separated list of plugins to load (default is global mail_plugins). - #mail_plugins = $mail_plugins - - # Workarounds for various client bugs: - # outlook-no-nuls: - # Outlook and Outlook Express hang if mails contain NUL characters. - # This setting replaces them with 0x80 character. - # oe-ns-eoh: - # Outlook Express and Netscape Mail breaks if end of headers-line is - # missing. This option simply sends it if it's missing. - # The list is space-separated. - #pop3_client_workarounds = -} diff --git a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext b/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext deleted file mode 100644 index 75e6e115..00000000 --- a/install/debian/13/dovecot/conf.d/auth-passwdfile.conf.ext +++ /dev/null @@ -1,9 +0,0 @@ -passdb { - driver = passwd-file - args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd -} - -userdb { - driver = passwd-file - args = username_format=%n /etc/exim4/domains/%d/passwd -} diff --git a/install/debian/13/dovecot/dovecot.conf b/install/debian/13/dovecot/dovecot.conf deleted file mode 100644 index 0a855351..00000000 --- a/install/debian/13/dovecot/dovecot.conf +++ /dev/null @@ -1,4 +0,0 @@ -protocols = imap pop3 -listen = *, :: -base_dir = /var/run/dovecot/ -!include conf.d/*.conf diff --git a/install/debian/13/exim/deny_senders b/install/debian/13/exim/deny_senders deleted file mode 100644 index 8b137891..00000000 --- a/install/debian/13/exim/deny_senders +++ /dev/null @@ -1 +0,0 @@ - diff --git a/install/debian/13/exim/dnsbl.conf b/install/debian/13/exim/dnsbl.conf deleted file mode 100644 index 279bafcd..00000000 --- a/install/debian/13/exim/dnsbl.conf +++ /dev/null @@ -1 +0,0 @@ -bl.spamcop.net diff --git a/install/debian/13/exim/exim4.conf.template b/install/debian/13/exim/exim4.conf.template deleted file mode 100644 index 15264797..00000000 --- a/install/debian/13/exim/exim4.conf.template +++ /dev/null @@ -1,487 +0,0 @@ -###################################################################### -# # -# Exim configuration file for Vesta Control Panel # -# # -###################################################################### - -#SPAMASSASSIN = yes -#SPAM_SCORE = 50 -#CLAMD = yes - -disable_ipv6=true -add_environment=<; PATH=/bin:/usr/bin -keep_environment= -smtputf8_advertise_hosts = - -SRS_SECRET = ${readfile{/etc/exim4/srs.conf}} - -#local_interfaces = 0.0.0.0 -#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} -#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" - -domainlist local_domains = dsearch;/etc/exim4/domains/ -domainlist relay_to_domains = dsearch;/etc/exim4/domains/ -hostlist relay_from_hosts = 127.0.0.1 -hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf -hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf -no_local_from_check -untrusted_set_sender = * -acl_smtp_connect = acl_check_spammers -acl_smtp_mail = acl_check_mail -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data -acl_smtp_mime = acl_check_mime - -LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 -LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 -LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 -LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 - -recipients_max = 150 -recipients_max_reject = true - -# log_selector = +smtp_connection -smtp_accept_max = 50 -smtp_accept_max_per_host = 4 - -.ifdef SPAMASSASSIN -spamd_address = 127.0.0.1 783 -.endif - -.ifdef CLAMD -av_scanner = clamd: /var/run/clamav/clamd.ctl -.endif - -tls_advertise_hosts = * -tls_certificate = /usr/local/vesta/ssl/certificate.crt -tls_privatekey = /usr/local/vesta/ssl/certificate.key - -daemon_smtp_ports = 25 : 465 : 587 : 2525 -tls_on_connect_ports = 465 -never_users = root -host_lookup = * -rfc1413_hosts = * -rfc1413_query_timeout = 0s -ignore_bounce_errors_after = 2d -timeout_frozen_after = 7d - -DKIM_DOMAIN = ${lc:${domain:$h_from:}} -DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem -DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} - - - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### - -acl_not_smtp = acl_not_smtp - -begin acl - -acl_not_smtp: - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = yes - - accept - -acl_check_spammers: - accept hosts = +whitelist - - drop message = Your host in blacklist on this server. - log_message = Host in blacklist - hosts = +spammers - - accept - - -acl_check_mail: - deny condition = ${if eq{$sender_helo_name}{}} - message = HELO required before MAIL - - drop !authenticated = * - message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid - condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} - delay = 45s - - drop !authenticated = * - condition = ${if isip{$sender_helo_name}} - message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - - drop !authenticated = * - condition = ${if eq{[$interface_address]}{$sender_helo_name}} - message = $interface_address is _my_ address - - accept - - -acl_check_rcpt: - accept hosts = : - - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = no - - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - set acl_m3 = yes - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - - require verify = sender - - accept hosts = +relay_from_hosts - control = submission - - accept authenticated = * - control = submission/domain= - - deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - hosts = !+whitelist - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - deny message = smtp auth requried - sender_domains = +local_domains - !authenticated = * - - require verify = recipient - -.ifdef CLAMD - warn set acl_m0 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} - set acl_m0 = yes -.endif - -.ifdef SPAMASSASSIN - warn set acl_m1 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} - set acl_m1 = yes -.endif - - accept - - -acl_check_data: - - deny senders = /etc/exim4/deny_senders - -.ifdef CLAMD - deny message = Message contains a virus ($malware_name) and has been rejected - malware = */defer_ok - condition = ${if eq{$acl_m0}{yes}{yes}{no}} -.endif - -.ifdef SPAMASSASSIN - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if < {$message_size}{600K}} - condition = ${if eq{$acl_m1}{yes}{yes}{no}} - spam = nobody:true/defer_ok - add_header = X-Spam-Score: $spam_score_int - add_header = X-Spam-Bar: $spam_bar - add_header = X-Spam-Report: $spam_report - set acl_m2 = $spam_score_int - - warn condition = ${if !eq{$acl_m2}{} {yes}{no}} - condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} - add_header = X-Spam-Status: Yes - message = SpamAssassin detected spam (from $sender_address to $recipients). -.endif - - accept - - -acl_check_mime: - deny message = Blacklisted file extension detected - condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} - - accept - - - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### -begin authenticators - -dovecot_plain: - driver = dovecot - public_name = PLAIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - -dovecot_login: - driver = dovecot - public_name = LOGIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - - - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -begin routers - -#smarthost: -# driver = manualroute -# domains = ! +local_domains -# transport = remote_smtp -# route_list = * smartrelay.vestacp.com -# no_more -# no_verify - -dnslookup: - driver = dnslookup - # if outbound, and forwarding has been done, use an alternate transport - domains = ! +local_domains - transport = ${if eq {$local_part@$domain} \ - {$original_local_part@$original_domain} \ - {remote_smtp} {remote_forwarded_smtp}} - no_more - -localuser_spam: - driver = accept - transport = local_spam_delivery - condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} - -userforward: - driver = redirect - check_local_user - file = $home/.forward - require_files = ${local_part}:+${home}/.forward - domains = +local_domains - allow_filter - no_verify - no_expn - check_ancestor - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply - -procmail: - driver = accept - check_local_user - require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail - transport = procmail - no_verify - -autoreplay: - driver = accept - require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg - condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} - retry_use_local_part - transport = userautoreply - unseen - -inbound_srs: - driver = redirect - senders = : - domains = +local_domains - # detect inbound bounces which are converted to SRS, and decode them - condition = ${if inbound_srs {$local_part} {SRS_SECRET}} - data = $srs_recipient - -inbound_srs_failure: - driver = redirect - senders = : - domains = +local_domains - # detect inbound bounces which look converted to SRS but are invalid - condition = ${if inbound_srs {$local_part} {}} - allow_fail - data = :fail: Invalid SRS recipient address - -aliases: - driver = redirect - headers_add = X-redirected: yes - data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - require_files = /etc/exim4/domains/$domain/aliases - redirect_router = dnslookup - pipe_transport = address_pipe - unseen - -localuser_fwd_only: - driver = accept - transport = devnull - condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} - -localuser: - driver = accept - transport = local_delivery - condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} - -catchall: - driver = redirect - headers_add = X-redirected: yes - require_files = /etc/exim4/domains/$domain/aliases - data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - file_transport = local_delivery - redirect_router = dnslookup - -terminate_alias: - driver = accept - transport = devnull - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - - - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -begin transports - -remote_smtp: - driver = smtp - #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} - #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = - hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - -remote_forwarded_smtp: - driver = smtp - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = - hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - # modify the envelope from, for mails that we forward - max_rcpt = 1 - return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}} - -procmail: - driver = pipe - command = "/usr/bin/procmail -d $local_part" - return_path_add - delivery_date_add - envelope_to_add - user = $local_part - initgroups - return_output - -local_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_warn_threshold = 75% - -local_spam_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota_warn_threshold = 75% - -address_pipe: - driver = pipe - return_output - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - -address_reply: - driver = autoreply - -userautoreply: - driver = autoreply - file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg - from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" - headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit - subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" - to = "${sender_address}" - -devnull: - driver = appendfile - file = /dev/null - - - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### -begin retry - -# Address or Domain Error Retries -# ----------------- ----- ------- -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### -begin rewrite - - - -###################################################################### diff --git a/install/debian/13/exim/exim4.conf.template.without-srs b/install/debian/13/exim/exim4.conf.template.without-srs deleted file mode 100644 index 78eda468..00000000 --- a/install/debian/13/exim/exim4.conf.template.without-srs +++ /dev/null @@ -1,451 +0,0 @@ -###################################################################### -# # -# Exim configuration file for Vesta Control Panel # -# # -###################################################################### - -#SPAMASSASSIN = yes -#SPAM_SCORE = 50 -#CLAMD = yes - -disable_ipv6=true -add_environment=<; PATH=/bin:/usr/bin -keep_environment= -smtputf8_advertise_hosts = - -#local_interfaces = 0.0.0.0 -#smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/exim4/virtual/helo_data}{$value}} -#smtp_banner = "$smtp_active_hostname ESMTP $tod_full" - -domainlist local_domains = dsearch;/etc/exim4/domains/ -domainlist relay_to_domains = dsearch;/etc/exim4/domains/ -hostlist relay_from_hosts = 127.0.0.1 -hostlist whitelist = net-iplsearch;/etc/exim4/white-blocks.conf -hostlist spammers = net-iplsearch;/etc/exim4/spam-blocks.conf -no_local_from_check -untrusted_set_sender = * -acl_smtp_connect = acl_check_spammers -acl_smtp_mail = acl_check_mail -acl_smtp_rcpt = acl_check_rcpt -acl_smtp_data = acl_check_data -acl_smtp_mime = acl_check_mime - -LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS = 15 -LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS = 5 -LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 -LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR = 40 - -recipients_max = 150 -recipients_max_reject = true - -# log_selector = +smtp_connection -smtp_accept_max = 50 -smtp_accept_max_per_host = 4 - -.ifdef SPAMASSASSIN -spamd_address = 127.0.0.1 783 -.endif - -.ifdef CLAMD -av_scanner = clamd: /var/run/clamav/clamd.ctl -.endif - -tls_advertise_hosts = * -tls_certificate = /usr/local/vesta/ssl/certificate.crt -tls_privatekey = /usr/local/vesta/ssl/certificate.key - -daemon_smtp_ports = 25 : 465 : 587 : 2525 -tls_on_connect_ports = 465 -never_users = root -host_lookup = * -rfc1413_hosts = * -rfc1413_query_timeout = 0s -ignore_bounce_errors_after = 2d -timeout_frozen_after = 7d - -DKIM_DOMAIN = ${lc:${domain:$h_from:}} -DKIM_FILE = /etc/exim4/domains/${lookup{${lc:${domain:$h_from:}}}dsearch{/etc/exim4/domains/}}/dkim.pem -DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}} - - - -###################################################################### -# ACL CONFIGURATION # -# Specifies access control lists for incoming SMTP mail # -###################################################################### - -acl_not_smtp = acl_not_smtp - -begin acl - -acl_not_smtp: - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_recipients}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Hosting account is sending too much emails [limitlog]: deny / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_hosting_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_HOSTING_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / account / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = yes - - accept - -acl_check_spammers: - accept hosts = +whitelist - - drop message = Your host in blacklist on this server. - log_message = Host in blacklist - hosts = +spammers - - accept - - -acl_check_mail: - deny condition = ${if eq{$sender_helo_name}{}} - message = HELO required before MAIL - - drop !authenticated = * - message = Helo name contains a ip address (HELO was $sender_helo_name) and not is valid - condition = ${if match{$sender_helo_name}{\N((\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3})|([0-9a-f]{8})|([0-9A-F]{8}))\N}{yes}{no}} - condition = ${if match {${lookup dnsdb{>: defer_never,ptr=$sender_host_address}}\}{$sender_helo_name}{no}{yes}} - delay = 45s - - drop !authenticated = * - condition = ${if isip{$sender_helo_name}} - message = Access denied - Invalid HELO name (See RFC2821 4.1.3) - - drop !authenticated = * - condition = ${if eq{[$interface_address]}{$sender_helo_name}} - message = $interface_address is _my_ address - - accept - - -acl_check_rcpt: - accept hosts = : - - deny message = Too many recipients, limit is $acl_c_max_recipients recipients - set acl_c_max_recipients=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_recipients}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_RECIPIENTS}} - condition = ${if >{$rcpt_count}{$acl_c_max_recipients}} - - deny message = Email account is sending too much emails [limitlog]: deny / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - ratelimit = $acl_c_limit_per_hour / 1h / $authenticated_id - - warn ratelimit = 0 / 1h / strict / $authenticated_id - set acl_c_limit_per_hour=${lookup{$authenticated_id}lsearch{/etc/exim4/limit_per_email_account_max_sent_emails_per_hour}{$value}{LIMIT_PER_EMAIL_ACCOUNT_MAX_SENT_EMAILS_PER_HOUR}} - log_message = Sender rate [limitlog]: log / email / $authenticated_id / $sender_rate / $sender_rate_period [limit=$acl_c_limit_per_hour] - - warn set acl_m3 = no - - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if eq{${lookup{$domain}dsearch{/etc/exim4/domains/}}}{}{false}{true}} - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - set acl_m3 = yes - - deny message = Restricted characters in address - domains = +local_domains - local_parts = ^[.] : ^.*[@%!/|] - - deny message = Restricted characters in address - domains = !+local_domains - local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ - - require verify = sender - - accept hosts = +relay_from_hosts - control = submission - - accept authenticated = * - control = submission/domain= - - deny message = Rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text - hosts = !+whitelist - dnslists = ${readfile {/etc/exim4/dnsbl.conf}{:}} - - require message = relay not permitted - domains = +local_domains : +relay_to_domains - - deny message = smtp auth requried - sender_domains = +local_domains - !authenticated = * - - require verify = recipient - -.ifdef CLAMD - warn set acl_m0 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antivirus}{yes}{no}} - set acl_m0 = yes -.endif - -.ifdef SPAMASSASSIN - warn set acl_m1 = no - - warn condition = ${if exists {/etc/exim4/domains/$domain/antispam}{yes}{no}} - set acl_m1 = yes -.endif - - accept - - -acl_check_data: - - deny senders = /etc/exim4/deny_senders - -.ifdef CLAMD - deny message = Message contains a virus ($malware_name) and has been rejected - malware = */defer_ok - condition = ${if eq{$acl_m0}{yes}{yes}{no}} -.endif - -.ifdef SPAMASSASSIN - warn !authenticated = * - hosts = !+relay_from_hosts - condition = ${if < {$message_size}{600K}} - condition = ${if eq{$acl_m1}{yes}{yes}{no}} - spam = nobody:true/defer_ok - add_header = X-Spam-Score: $spam_score_int - add_header = X-Spam-Bar: $spam_bar - add_header = X-Spam-Report: $spam_report - set acl_m2 = $spam_score_int - - warn condition = ${if !eq{$acl_m2}{} {yes}{no}} - condition = ${if >{$acl_m2}{SPAM_SCORE} {yes}{no}} - add_header = X-Spam-Status: Yes - message = SpamAssassin detected spam (from $sender_address to $recipients). -.endif - - accept - - -acl_check_mime: - deny message = Blacklisted file extension detected - condition = ${if match {${lc:$mime_filename}}{\N(\.ade|\.adp|\.bat|\.chm|\.cmd|\.com|\.cpl|\.exe|\.hta|\.ins|\.isp|\.jse|\.lib|\.lnk|\.mde|\.msc|\.msp|\.mst|\.pif|\.scr|\.sct|\.shb|\.sys|\.vb|\.vbe|\.vbs|\.vxd|\.wsc|\.wsf|\.wsh|\.jar)$\N}{1}{0}} - - accept - - - -###################################################################### -# AUTHENTICATION CONFIGURATION # -###################################################################### -begin authenticators - -dovecot_plain: - driver = dovecot - public_name = PLAIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - -dovecot_login: - driver = dovecot - public_name = LOGIN - server_socket = /var/run/dovecot/auth-client - server_set_id = $auth1 - - - -###################################################################### -# ROUTERS CONFIGURATION # -# Specifies how addresses are handled # -###################################################################### -begin routers - -#smarthost: -# driver = manualroute -# domains = ! +local_domains -# transport = remote_smtp -# route_list = * smartrelay.vestacp.com -# no_more -# no_verify - -dnslookup: - driver = dnslookup - domains = !+local_domains - transport = remote_smtp - no_more - -localuser_spam: - driver = accept - transport = local_spam_delivery - condition = ${if eq {${if match{$h_X-Spam-Status:}{\N^Yes\N}{yes}{no}}} {${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{yes}{no_such_user}}}} - -userforward: - driver = redirect - check_local_user - file = $home/.forward - require_files = ${local_part}:+${home}/.forward - domains = +local_domains - allow_filter - no_verify - no_expn - check_ancestor - file_transport = address_file - pipe_transport = address_pipe - reply_transport = address_reply - -procmail: - driver = accept - check_local_user - require_files = ${local_part}:+${home}/.procmailrc:/usr/bin/procmail - transport = procmail - no_verify - -autoreplay: - driver = accept - require_files = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg - condition = ${if exists{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${local_part}.msg}{yes}{no}} - retry_use_local_part - transport = userautoreply - unseen - -aliases: - driver = redirect - headers_add = X-redirected: yes - data = ${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - require_files = /etc/exim4/domains/$domain/aliases - redirect_router = dnslookup - pipe_transport = address_pipe - unseen - -localuser_fwd_only: - driver = accept - transport = devnull - condition = ${if exists{/etc/exim4/domains/$domain/fwd_only}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/fwd_only}{true}{false}}}} - -localuser: - driver = accept - transport = local_delivery - condition = ${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}{true}{false}} - -catchall: - driver = redirect - headers_add = X-redirected: yes - require_files = /etc/exim4/domains/$domain/aliases - data = ${extract{1}{:}{${lookup{*@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}}}} - file_transport = local_delivery - redirect_router = dnslookup - -terminate_alias: - driver = accept - transport = devnull - condition = ${lookup{$local_part@$domain}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/aliases}{true}{false}} - - - -###################################################################### -# TRANSPORTS CONFIGURATION # -###################################################################### -begin transports - -remote_smtp: - driver = smtp - #interface = ${if eq{$acl_m3}{yes}{FIRSTIP}{${lookup{$sender_address_domain}lsearch{/etc/exim4/virtual/interfaces} {$value}{SECONDIP}}}} - #helo_data = "${if eq{$acl_m3}{yes}{FIRSTHOST}{${lookup{$sending_ip_address}lsearch{/etc/exim4/virtual/helo_data}{$value}{SECONDHOST}}}}" - dkim_domain = DKIM_DOMAIN - dkim_selector = mail - dkim_private_key = DKIM_PRIVATE_KEY - dkim_canon = relaxed - dkim_strict = 0 - hosts_try_fastopen = - hosts_try_chunking = !93.188.3.0/24 - message_linelength_limit = 1G - -procmail: - driver = pipe - command = "/usr/bin/procmail -d $local_part" - return_path_add - delivery_date_add - envelope_to_add - user = $local_part - initgroups - return_output - -local_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_warn_threshold = 75% - -local_spam_delivery: - driver = appendfile - maildir_format - maildir_use_size_file - user = ${extract{2}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}} - group = mail - create_directory - directory_mode = 770 - mode = 660 - use_lockfile = no - delivery_date_add - envelope_to_add - return_path_add - directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}/.Spam" - quota = ${extract{6}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}M - quota_directory = "${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}/${lookup{$local_part}dsearch{${extract{5}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/passwd}}}}/mail/${lookup{$domain}dsearch{/etc/exim4/domains/}}}}" - quota_warn_threshold = 75% - -address_pipe: - driver = pipe - return_output - -address_file: - driver = appendfile - delivery_date_add - envelope_to_add - return_path_add - -address_reply: - driver = autoreply - -userautoreply: - driver = autoreply - file = /etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/autoreply.${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}.msg - from = "${extract{1}{:}{${lookup{$local_part}lsearch{/etc/exim4/domains/${lookup{$domain}dsearch{/etc/exim4/domains/}}/accounts}}}}@${lookup{$domain}dsearch{/etc/exim4/domains/}}" - headers = Content-Type: text/plain; charset=utf-8;\nContent-Transfer-Encoding: 8bit - subject = "${if def:h_Subject: {Autoreply: \"${rfc2047:$h_Subject:}\"} {Autoreply Message}}" - to = "${sender_address}" - -devnull: - driver = appendfile - file = /dev/null - - - -###################################################################### -# RETRY CONFIGURATION # -###################################################################### -begin retry - -# Address or Domain Error Retries -# ----------------- ----- ------- -* * F,2h,15m; G,16h,1h,1.5; F,4d,6h - - - -###################################################################### -# REWRITE CONFIGURATION # -###################################################################### -begin rewrite - - - -###################################################################### diff --git a/install/debian/13/exim/spam-blocks.conf b/install/debian/13/exim/spam-blocks.conf deleted file mode 100644 index e69de29b..00000000 diff --git a/install/debian/13/fail2ban/action.d/vesta.conf b/install/debian/13/fail2ban/action.d/vesta.conf deleted file mode 100644 index 0edfc349..00000000 --- a/install/debian/13/fail2ban/action.d/vesta.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Fail2Ban configuration file for vesta - -[Definition] - -actionstart = /usr/local/vesta/bin/v-add-firewall-chain -actionstop = /usr/local/vesta/bin/v-delete-firewall-chain -actioncheck = iptables -n -L INPUT | grep -q 'fail2ban-[ \t]' -actionban = /usr/local/vesta/bin/v-add-firewall-ban -actionunban = /usr/local/vesta/bin/v-delete-firewall-ban diff --git a/install/debian/13/fail2ban/filter.d/vesta.conf b/install/debian/13/fail2ban/filter.d/vesta.conf deleted file mode 100644 index 36ec1001..00000000 --- a/install/debian/13/fail2ban/filter.d/vesta.conf +++ /dev/null @@ -1,10 +0,0 @@ -# Fail2Ban filter for unsuccessful Vesta authentication attempts -# - -[INCLUDES] -before = common.conf - -[Definition] -failregex = .* failed to login -ignoreregex = - diff --git a/install/debian/13/fail2ban/jail.local b/install/debian/13/fail2ban/jail.local deleted file mode 100644 index eccea068..00000000 --- a/install/debian/13/fail2ban/jail.local +++ /dev/null @@ -1,39 +0,0 @@ -[ssh-iptables] -enabled = true -filter = sshd -action = vesta[name=SSH] -logpath = /var/log/auth.log -maxretry = 5 - -[vsftpd-iptables] -enabled = false -filter = vsftpd -action = vesta[name=FTP] -logpath = /var/log/vsftpd.log -maxretry = 5 - -[exim-iptables] -enabled = true -filter = exim -action = vesta[name=MAIL] -logpath = /var/log/exim4/mainlog - -[dovecot-iptables] -enabled = true -filter = dovecot -action = vesta[name=MAIL] -logpath = /var/log/dovecot.log - -[mysqld-iptables] -enabled = false -filter = mysqld-auth -action = vesta[name=DB] -logpath = /var/log/mysql.log -maxretry = 5 - -[vesta-iptables] -enabled = true -filter = vesta -action = vesta[name=VESTA] -logpath = /var/log/vesta/auth.log -maxretry = 5 diff --git a/install/debian/13/firewall/ports.conf b/install/debian/13/firewall/ports.conf deleted file mode 100644 index b730d012..00000000 --- a/install/debian/13/firewall/ports.conf +++ /dev/null @@ -1,17 +0,0 @@ -PROTOCOL='TCP' PORT='20' -PROTOCOL='TCP' PORT='21' -PROTOCOL='TCP' PORT='22' -PROTOCOL='TCP' PORT='25' -PROTOCOL='TCP' PORT='53' -PROTOCOL='UDP' PORT='53' -PROTOCOL='TCP' PORT='80' -PROTOCOL='TCP' PORT='443' -PROTOCOL='TCP' PORT='110' -PROTOCOL='UDP' PORT='123' -PROTOCOL='TCP' PORT='143' -PROTOCOL='TCP' PORT='3306' -PROTOCOL='TCP' PORT='5432' -PROTOCOL='TCP' PORT='8080' -PROTOCOL='TCP' PORT='8433' -PROTOCOL='TCP' PORT='8083' -PROTOCOL='TCP' PORT='12000:12100' diff --git a/install/debian/13/firewall/rules.conf b/install/debian/13/firewall/rules.conf deleted file mode 100644 index 6da5a1c4..00000000 --- a/install/debian/13/firewall/rules.conf +++ /dev/null @@ -1,11 +0,0 @@ -RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' -RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25' -RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='7' ACTION='ACCEPT' PROTOCOL='TCP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='8' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21,12000-12100' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' -RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' -RULE='11' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/install/debian/13/logrotate/apache2 b/install/debian/13/logrotate/apache2 deleted file mode 100644 index 27629d0d..00000000 --- a/install/debian/13/logrotate/apache2 +++ /dev/null @@ -1,19 +0,0 @@ -/var/log/apache2/*.log /var/log/apache2/domains/*log { - weekly - missingok - rotate 52 - compress - delaycompress - notifempty - create 640 root adm - sharedscripts - postrotate - /etc/init.d/apache2 reload > /dev/null || true - [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid` - endscript - prerotate - if [ -d /etc/logrotate.d/httpd-prerotate ]; then \ - run-parts /etc/logrotate.d/httpd-prerotate; \ - fi; \ - endscript -} diff --git a/install/debian/13/logrotate/dovecot b/install/debian/13/logrotate/dovecot deleted file mode 100644 index ac4fd6e9..00000000 --- a/install/debian/13/logrotate/dovecot +++ /dev/null @@ -1,12 +0,0 @@ -/var/log/dovecot*.log { - weekly - rotate 4 - missingok - notifempty - compress - delaycompress - sharedscripts - postrotate - doveadm log reopen - endscript -} diff --git a/install/debian/13/logrotate/nginx b/install/debian/13/logrotate/nginx deleted file mode 100644 index d667f213..00000000 --- a/install/debian/13/logrotate/nginx +++ /dev/null @@ -1,13 +0,0 @@ -/var/log/nginx/*log /var/log/nginx/domains/*log { - daily - missingok - rotate 52 - compress - delaycompress - notifempty - create 640 nginx adm - sharedscripts - postrotate - [ -f /var/run/nginx.pid ] && kill -USR1 `cat /var/run/nginx.pid` - endscript -} diff --git a/install/debian/13/logrotate/vesta b/install/debian/13/logrotate/vesta deleted file mode 100644 index 027a3439..00000000 --- a/install/debian/13/logrotate/vesta +++ /dev/null @@ -1,7 +0,0 @@ -/usr/local/vesta/log/*.log { - missingok - notifempty - size 30k - yearly - create 0600 root root -} diff --git a/install/debian/13/mysql/my-large.cnf b/install/debian/13/mysql/my-large.cnf deleted file mode 100644 index b056c316..00000000 --- a/install/debian/13/mysql/my-large.cnf +++ /dev/null @@ -1,51 +0,0 @@ -[client] -default-character-set=utf8mb4 -port=3306 -socket=/var/run/mysqld/mysqld.sock - -[mysqld_safe] -socket=/var/run/mysqld/mysqld.sock - -[mysql] -default-character-set=utf8mb4 - -[mysqld] -collation-server = utf8mb4_unicode_520_ci -init-connect='SET NAMES utf8mb4' -character-set-server = utf8mb4 -user=mysql -pid-file=/var/run/mysqld/mysqld.pid -socket=/var/run/mysqld/mysqld.sock -port=3306 -basedir=/usr -datadir=/var/lib/mysql -tmpdir=/tmp -lc-messages-dir=/usr/share/mysql -log_error=/var/log/mysql/error.log - -symbolic-links=0 - -skip-external-locking -key_buffer_size = 256M -max_allowed_packet = 32M -table_open_cache = 256 -sort_buffer_size = 1M -read_buffer_size = 1M -read_rnd_buffer_size = 4M -myisam_sort_buffer_size = 64M -thread_cache_size = 8 -query_cache_size= 16M -thread_concurrency = 8 - -#innodb_use_native_aio = 0 -innodb_file_per_table - -max_connections=200 -max_user_connections=50 -wait_timeout=10 -interactive_timeout=50 -long_query_time=5 - -sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION - -!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-medium.cnf b/install/debian/13/mysql/my-medium.cnf deleted file mode 100644 index 33aa04c2..00000000 --- a/install/debian/13/mysql/my-medium.cnf +++ /dev/null @@ -1,49 +0,0 @@ -[client] -default-character-set=utf8mb4 -port=3306 -socket=/var/run/mysqld/mysqld.sock - -[mysqld_safe] -socket=/var/run/mysqld/mysqld.sock - -[mysql] -default-character-set=utf8mb4 - -[mysqld] -collation-server = utf8mb4_unicode_520_ci -init-connect='SET NAMES utf8mb4' -character-set-server = utf8mb4 -user=mysql -pid-file=/var/run/mysqld/mysqld.pid -socket=/var/run/mysqld/mysqld.sock -port=3306 -basedir=/usr -datadir=/var/lib/mysql -tmpdir=/tmp -lc-messages-dir=/usr/share/mysql -log_error=/var/log/mysql/error.log - -symbolic-links=0 - -skip-external-locking -key_buffer_size = 16M -max_allowed_packet = 16M -table_open_cache = 64 -sort_buffer_size = 512K -net_buffer_length = 8K -read_buffer_size = 256K -read_rnd_buffer_size = 512K -myisam_sort_buffer_size = 8M - -#innodb_use_native_aio = 0 -innodb_file_per_table - -max_connections=70 -max_user_connections=30 -wait_timeout=10 -interactive_timeout=50 -long_query_time=5 - -sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION - -!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/mysql/my-small.cnf b/install/debian/13/mysql/my-small.cnf deleted file mode 100644 index 857f48ce..00000000 --- a/install/debian/13/mysql/my-small.cnf +++ /dev/null @@ -1,49 +0,0 @@ -[client] -default-character-set=utf8mb4 -port=3306 -socket=/var/run/mysqld/mysqld.sock - -[mysqld_safe] -socket=/var/run/mysqld/mysqld.sock - -[mysql] -default-character-set=utf8mb4 - -[mysqld] -collation-server = utf8mb4_unicode_520_ci -init-connect='SET NAMES utf8mb4' -character-set-server = utf8mb4 -user=mysql -pid-file=/var/run/mysqld/mysqld.pid -socket=/var/run/mysqld/mysqld.sock -port=3306 -basedir=/usr -datadir=/var/lib/mysql -tmpdir=/tmp -lc-messages-dir=/usr/share/mysql -log_error=/var/log/mysql/error.log - -symbolic-links=0 - -skip-external-locking -key_buffer_size = 16K -max_allowed_packet = 1M -table_open_cache = 4 -sort_buffer_size = 64K -read_buffer_size = 256K -read_rnd_buffer_size = 256K -net_buffer_length = 2K -thread_stack = 240K - -#innodb_use_native_aio = 0 -innodb_file_per_table - -max_connections=30 -max_user_connections=20 -wait_timeout=10 -interactive_timeout=50 -long_query_time=5 - -sql_mode=ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION - -!includedir /etc/mysql/conf.d/ diff --git a/install/debian/13/nginx/nginx.conf b/install/debian/13/nginx/nginx.conf deleted file mode 100644 index 6efe2337..00000000 --- a/install/debian/13/nginx/nginx.conf +++ /dev/null @@ -1,140 +0,0 @@ -# Server globals -user www-data; -worker_processes auto; -worker_rlimit_nofile 65535; -timer_resolution 50ms; #In order to free some CPU cycles -error_log /var/log/nginx/error.log crit; -pid /var/run/nginx.pid; - - -# Worker config -events { - worker_connections 1024; - use epoll; - multi_accept on; -} - - -http { - # Main settings - sendfile on; - tcp_nopush on; - tcp_nodelay on; - client_header_timeout 1m; - client_body_timeout 1m; - client_header_buffer_size 2k; - client_body_buffer_size 256k; - client_max_body_size 256m; - large_client_header_buffers 4 8k; - send_timeout 30; - keepalive_timeout 60 60; - reset_timedout_connection on; - server_tokens off; - server_name_in_redirect off; - server_names_hash_max_size 512; - server_names_hash_bucket_size 512; - - - # Log format - log_format main '$remote_addr - $remote_user [$time_local] $request ' - '"$status" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - log_format bytes '$body_bytes_sent'; - #access_log /var/log/nginx/access.log main; - access_log off; - - - # Mime settings - include /etc/nginx/mime.types; - default_type application/octet-stream; - - - # Compression - gzip on; - gzip_comp_level 9; - gzip_min_length 512; - gzip_buffers 8 64k; - gzip_types text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype; - gzip_proxied any; - gzip_disable "MSIE [1-6]\."; - - # Proxy settings - proxy_redirect off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Set-Cookie; - proxy_connect_timeout 900; - proxy_send_timeout 900; - proxy_read_timeout 900; - proxy_buffer_size 128k; - proxy_buffers 4 256k; - proxy_busy_buffers_size 256k; - - - # Cloudflare https://www.cloudflare.com/ips - set_real_ip_from 173.245.48.0/20; - set_real_ip_from 103.21.244.0/22; - set_real_ip_from 103.22.200.0/22; - set_real_ip_from 103.31.4.0/22; - set_real_ip_from 104.16.0.0/13; - set_real_ip_from 104.24.0.0/14; - set_real_ip_from 141.101.64.0/18; - set_real_ip_from 108.162.192.0/18; - set_real_ip_from 190.93.240.0/20; - set_real_ip_from 188.114.96.0/20; - set_real_ip_from 197.234.240.0/22; - set_real_ip_from 198.41.128.0/17; - set_real_ip_from 162.158.0.0/15; - set_real_ip_from 172.64.0.0/13; - set_real_ip_from 131.0.72.0/22; - set_real_ip_from 2400:cb00::/32; - set_real_ip_from 2606:4700::/32; - set_real_ip_from 2803:f800::/32; - set_real_ip_from 2405:b500::/32; - set_real_ip_from 2405:8100::/32; - set_real_ip_from 2a06:98c0::/29; - set_real_ip_from 2c0f:f248::/32; - real_ip_header CF-Connecting-IP; - - - # SSL PCI Compliance - ssl_session_cache shared:SSL:10m; - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - - - # Error pages - error_page 403 /error/403.html; - error_page 404 /error/404.html; - error_page 502 503 504 /error/50x.html; - - - # Cache settings - proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m; - proxy_cache_key "$host$request_uri $cookie_user"; - proxy_temp_path /var/cache/nginx/temp; - proxy_ignore_headers Expires Cache-Control; - proxy_cache_use_stale error timeout invalid_header http_502; - proxy_cache_valid any 1d; - - - # Cache bypass - map $http_cookie $no_cache { - default 0; - ~SESS 1; - ~wordpress_logged_in 1; - } - - - # File cache settings - open_file_cache max=10000 inactive=30s; - open_file_cache_valid 60s; - open_file_cache_min_uses 2; - open_file_cache_errors off; - - - # Wildcard include - include /etc/nginx/conf.d/*.conf; -} diff --git a/install/debian/13/nginx/phpmyadmin.inc b/install/debian/13/nginx/phpmyadmin.inc deleted file mode 100644 index cdfc93c4..00000000 --- a/install/debian/13/nginx/phpmyadmin.inc +++ /dev/null @@ -1,18 +0,0 @@ -location /phpmyadmin { - alias /usr/share/phpmyadmin; - - location ~ /(libraries|setup) { - return 404; - } - - location ~ ^/phpmyadmin/(.*\.php)$ { - alias /usr/share/phpmyadmin/$1; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $request_filename; - } - location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { - root /usr/share/; - } -} diff --git a/install/debian/13/nginx/phppgadmin.inc b/install/debian/13/nginx/phppgadmin.inc deleted file mode 100644 index 47cfcf4e..00000000 --- a/install/debian/13/nginx/phppgadmin.inc +++ /dev/null @@ -1,11 +0,0 @@ -location /phppgadmin { - alias /usr/share/phppgadmin; - - location ~ ^/phppgadmin/(.*\.php)$ { - alias /usr/share/phppgadmin/$1; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $request_filename; - } -} diff --git a/install/debian/13/nginx/status.conf b/install/debian/13/nginx/status.conf deleted file mode 100644 index c0bcd069..00000000 --- a/install/debian/13/nginx/status.conf +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen 127.0.0.1:8084 default; - server_name _; - server_name_in_redirect off; - location / { - stub_status on; - access_log off; - } -} diff --git a/install/debian/13/nginx/webmail.inc b/install/debian/13/nginx/webmail.inc deleted file mode 100644 index 768c9049..00000000 --- a/install/debian/13/nginx/webmail.inc +++ /dev/null @@ -1,15 +0,0 @@ -location /webmail { - alias /var/lib/roundcube; - - location ~ /(config|temp|logs) { - return 404; - } - - location ~ ^/webmail/(.*\.php)$ { - alias /var/lib/roundcube/$1; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $request_filename; - } -} diff --git a/install/debian/13/packages/default.pkg b/install/debian/13/packages/default.pkg deleted file mode 100644 index cd1cbba1..00000000 --- a/install/debian/13/packages/default.pkg +++ /dev/null @@ -1,18 +0,0 @@ -WEB_TEMPLATE='PHP-FPM-82' -PROXY_TEMPLATE='hosting' -DNS_TEMPLATE='default' -WEB_DOMAINS='unlimited' -WEB_ALIASES='unlimited' -DNS_DOMAINS='unlimited' -DNS_RECORDS='unlimited' -MAIL_DOMAINS='unlimited' -MAIL_ACCOUNTS='unlimited' -DATABASES='unlimited' -CRON_JOBS='unlimited' -DISK_QUOTA='unlimited' -BANDWIDTH='unlimited' -NS='YOURHOSTNAME1,YOURHOSTNAME2' -SHELL='nologin' -BACKUPS='2' -TIME='18:00:00' -DATE='2017-12-28' diff --git a/install/debian/13/pga/config.inc.php b/install/debian/13/pga/config.inc.php deleted file mode 100644 index 1eec9776..00000000 --- a/install/debian/13/pga/config.inc.php +++ /dev/null @@ -1,159 +0,0 @@ - diff --git a/install/debian/13/pga/phppgadmin.conf b/install/debian/13/pga/phppgadmin.conf deleted file mode 100644 index f39247d6..00000000 --- a/install/debian/13/pga/phppgadmin.conf +++ /dev/null @@ -1,31 +0,0 @@ -Alias /phppgadmin /usr/share/phppgadmin - - - -DirectoryIndex index.php -AllowOverride None - -order deny,allow -deny from all -allow from 127.0.0.0/255.0.0.0 ::1/128 -allow from all - - - php_flag magic_quotes_gpc Off - php_flag track_vars On - php_value include_path . - - - - - AddType application/x-httpd-php .php - Action application/x-httpd-php /cgi-bin/php - - - AddType application/x-httpd-php .php - Action application/x-httpd-php /cgi-bin/php - - - - - diff --git a/install/debian/13/php-fpm/www.conf b/install/debian/13/php-fpm/www.conf deleted file mode 100644 index 3c87f33c..00000000 --- a/install/debian/13/php-fpm/www.conf +++ /dev/null @@ -1,11 +0,0 @@ -[www] -listen = 127.0.0.1:9000 -listen.allowed_clients = 127.0.0.1 - -user = www-data -group = www-data - -pm = ondemand -pm.max_children = 2 -pm.max_requests = 4000 -pm.process_idle_timeout = 10s diff --git a/install/debian/13/php/php7.3-dedi.patch b/install/debian/13/php/php7.3-dedi.patch deleted file mode 100644 index c044e002..00000000 --- a/install/debian/13/php/php7.3-dedi.patch +++ /dev/null @@ -1,78 +0,0 @@ ---- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 -+++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 -@@ -312,7 +312,8 @@ - ; This directive allows you to disable certain functions for security reasons. - ; It receives a comma-delimited list of function names. - ; http://php.net/disable-functions --disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, -+; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, -+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen - - ; This directive allows you to disable certain classes for security reasons. - ; It receives a comma-delimited list of class names. -@@ -399,11 +400,11 @@ - ;max_input_nesting_level = 64 - - ; How many GET/POST/COOKIE input variables may be accepted --;max_input_vars = 1000 -+max_input_vars = 6000 - - ; Maximum amount of memory a script may consume (128MB) - ; http://php.net/memory-limit --memory_limit = 128M -+memory_limit = 256M - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ; Error handling and logging ; -@@ -690,7 +691,7 @@ - ; Its value may be 0 to disable the limit. It is ignored if POST data reading - ; is disabled through enable_post_data_reading. - ; http://php.net/post-max-size --post_max_size = 8M -+post_max_size = 60M - - ; Automatically add files before PHP document. - ; http://php.net/auto-prepend-file -@@ -842,7 +843,7 @@ - - ; Maximum allowed size for uploaded files. - ; http://php.net/upload-max-filesize --upload_max_filesize = 2M -+upload_max_filesize = 50M - - ; Maximum number of files that can be uploaded via a single request - max_file_uploads = 20 -@@ -1087,7 +1088,7 @@ - - ; The path to a log file that will log all mail() calls. Log entries include - ; the full path of the script, line number, To address and headers. --;mail.log = -+mail.log = /var/log/php-mail.log - ; Log mail to syslog (Event Log on Windows). - ;mail.log = syslog - -@@ -1791,20 +1792,20 @@ - - [opcache] - ; Determines if Zend OPCache is enabled --;opcache.enable=1 -+opcache.enable=1 - - ; Determines if Zend OPCache is enabled for the CLI version of PHP --;opcache.enable_cli=0 -+opcache.enable_cli=0 - - ; The OPcache shared memory storage size. --;opcache.memory_consumption=128 -+opcache.memory_consumption=2048 - - ; The amount of memory for interned strings in Mbytes. - ;opcache.interned_strings_buffer=8 - - ; The maximum number of keys (scripts) in the OPcache hash table. - ; Only numbers between 200 and 1000000 are allowed. --;opcache.max_accelerated_files=10000 -+opcache.max_accelerated_files=100000 - - ; The maximum percentage of "wasted" memory until a restart is scheduled. - ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.3-vps.patch b/install/debian/13/php/php7.3-vps.patch deleted file mode 100644 index 803b93e8..00000000 --- a/install/debian/13/php/php7.3-vps.patch +++ /dev/null @@ -1,78 +0,0 @@ ---- /etc/php/7.3/fpm/php.ini.orig 2019-07-18 16:11:18.856589963 +0200 -+++ /etc/php/7.3/fpm/php.ini 2019-07-18 17:45:51.000000000 +0200 -@@ -312,7 +312,8 @@ - ; This directive allows you to disable certain functions for security reasons. - ; It receives a comma-delimited list of function names. - ; http://php.net/disable-functions --disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, -+; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, -+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen - - ; This directive allows you to disable certain classes for security reasons. - ; It receives a comma-delimited list of class names. -@@ -399,11 +400,11 @@ - ;max_input_nesting_level = 64 - - ; How many GET/POST/COOKIE input variables may be accepted --;max_input_vars = 1000 -+max_input_vars = 6000 - - ; Maximum amount of memory a script may consume (128MB) - ; http://php.net/memory-limit --memory_limit = 128M -+memory_limit = 256M - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ; Error handling and logging ; -@@ -690,7 +691,7 @@ - ; Its value may be 0 to disable the limit. It is ignored if POST data reading - ; is disabled through enable_post_data_reading. - ; http://php.net/post-max-size --post_max_size = 8M -+post_max_size = 60M - - ; Automatically add files before PHP document. - ; http://php.net/auto-prepend-file -@@ -842,7 +843,7 @@ - - ; Maximum allowed size for uploaded files. - ; http://php.net/upload-max-filesize --upload_max_filesize = 2M -+upload_max_filesize = 50M - - ; Maximum number of files that can be uploaded via a single request - max_file_uploads = 20 -@@ -1087,7 +1088,7 @@ - - ; The path to a log file that will log all mail() calls. Log entries include - ; the full path of the script, line number, To address and headers. --;mail.log = -+mail.log = /var/log/php-mail.log - ; Log mail to syslog (Event Log on Windows). - ;mail.log = syslog - -@@ -1791,20 +1792,20 @@ - - [opcache] - ; Determines if Zend OPCache is enabled --;opcache.enable=1 -+opcache.enable=1 - - ; Determines if Zend OPCache is enabled for the CLI version of PHP --;opcache.enable_cli=0 -+opcache.enable_cli=0 - - ; The OPcache shared memory storage size. --;opcache.memory_consumption=128 -+opcache.memory_consumption=512 - - ; The amount of memory for interned strings in Mbytes. - ;opcache.interned_strings_buffer=8 - - ; The maximum number of keys (scripts) in the OPcache hash table. - ; Only numbers between 200 and 1000000 are allowed. --;opcache.max_accelerated_files=10000 -+opcache.max_accelerated_files=100000 - - ; The maximum percentage of "wasted" memory until a restart is scheduled. - ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-dedi.patch b/install/debian/13/php/php7.4-dedi.patch deleted file mode 100644 index 3e5bd2fb..00000000 --- a/install/debian/13/php/php7.4-dedi.patch +++ /dev/null @@ -1,78 +0,0 @@ ---- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 -+++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:25:15.000000000 +0200 -@@ -309,7 +309,8 @@ - ; This directive allows you to disable certain functions. - ; It receives a comma-delimited list of function names. - ; http://php.net/disable-functions --disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, -+; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, -+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen - - ; This directive allows you to disable certain classes. - ; It receives a comma-delimited list of class names. -@@ -402,11 +403,11 @@ - ;max_input_nesting_level = 64 - - ; How many GET/POST/COOKIE input variables may be accepted --;max_input_vars = 1000 -+max_input_vars = 6000 - - ; Maximum amount of memory a script may consume - ; http://php.net/memory-limit --memory_limit = 128M -+memory_limit = 256M - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ; Error handling and logging ; -@@ -691,7 +692,7 @@ - ; Its value may be 0 to disable the limit. It is ignored if POST data reading - ; is disabled through enable_post_data_reading. - ; http://php.net/post-max-size --post_max_size = 8M -+post_max_size = 60M - - ; Automatically add files before PHP document. - ; http://php.net/auto-prepend-file -@@ -843,7 +844,7 @@ - - ; Maximum allowed size for uploaded files. - ; http://php.net/upload-max-filesize --upload_max_filesize = 2M -+upload_max_filesize = 50M - - ; Maximum number of files that can be uploaded via a single request - max_file_uploads = 20 -@@ -1089,7 +1090,7 @@ - - ; The path to a log file that will log all mail() calls. Log entries include - ; the full path of the script, line number, To address and headers. --;mail.log = -+mail.log = /var/log/php-mail.log - ; Log mail to syslog (Event Log on Windows). - ;mail.log = syslog - -@@ -1766,20 +1767,20 @@ - - [opcache] - ; Determines if Zend OPCache is enabled --;opcache.enable=1 -+opcache.enable=1 - - ; Determines if Zend OPCache is enabled for the CLI version of PHP --;opcache.enable_cli=0 -+opcache.enable_cli=0 - - ; The OPcache shared memory storage size. --;opcache.memory_consumption=128 -+opcache.memory_consumption=2048 - - ; The amount of memory for interned strings in Mbytes. - ;opcache.interned_strings_buffer=8 - - ; The maximum number of keys (scripts) in the OPcache hash table. - ; Only numbers between 200 and 1000000 are allowed. --;opcache.max_accelerated_files=10000 -+opcache.max_accelerated_files=100000 - - ; The maximum percentage of "wasted" memory until a restart is scheduled. - ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/php/php7.4-vps.patch b/install/debian/13/php/php7.4-vps.patch deleted file mode 100644 index 7c52d402..00000000 --- a/install/debian/13/php/php7.4-vps.patch +++ /dev/null @@ -1,78 +0,0 @@ ---- /etc/php/7.4/fpm/php.ini.orig 2021-07-16 16:12:30.027464762 +0200 -+++ /etc/php/7.4/fpm/php.ini 2021-07-16 16:24:26.000000000 +0200 -@@ -309,7 +309,8 @@ - ; This directive allows you to disable certain functions. - ; It receives a comma-delimited list of function names. - ; http://php.net/disable-functions --disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, -+; disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, -+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,system,passthru,shell_exec,proc_open,popen - - ; This directive allows you to disable certain classes. - ; It receives a comma-delimited list of class names. -@@ -402,11 +403,11 @@ - ;max_input_nesting_level = 64 - - ; How many GET/POST/COOKIE input variables may be accepted --;max_input_vars = 1000 -+max_input_vars = 6000 - - ; Maximum amount of memory a script may consume - ; http://php.net/memory-limit --memory_limit = 128M -+memory_limit = 256M - - ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - ; Error handling and logging ; -@@ -691,7 +692,7 @@ - ; Its value may be 0 to disable the limit. It is ignored if POST data reading - ; is disabled through enable_post_data_reading. - ; http://php.net/post-max-size --post_max_size = 8M -+post_max_size = 60M - - ; Automatically add files before PHP document. - ; http://php.net/auto-prepend-file -@@ -843,7 +844,7 @@ - - ; Maximum allowed size for uploaded files. - ; http://php.net/upload-max-filesize --upload_max_filesize = 2M -+upload_max_filesize = 50M - - ; Maximum number of files that can be uploaded via a single request - max_file_uploads = 20 -@@ -1089,7 +1090,7 @@ - - ; The path to a log file that will log all mail() calls. Log entries include - ; the full path of the script, line number, To address and headers. --;mail.log = -+mail.log = /var/log/php-mail.log - ; Log mail to syslog (Event Log on Windows). - ;mail.log = syslog - -@@ -1766,20 +1767,20 @@ - - [opcache] - ; Determines if Zend OPCache is enabled --;opcache.enable=1 -+opcache.enable=1 - - ; Determines if Zend OPCache is enabled for the CLI version of PHP --;opcache.enable_cli=0 -+opcache.enable_cli=0 - - ; The OPcache shared memory storage size. --;opcache.memory_consumption=128 -+opcache.memory_consumption=512 - - ; The amount of memory for interned strings in Mbytes. - ;opcache.interned_strings_buffer=8 - - ; The maximum number of keys (scripts) in the OPcache hash table. - ; Only numbers between 200 and 1000000 are allowed. --;opcache.max_accelerated_files=10000 -+opcache.max_accelerated_files=100000 - - ; The maximum percentage of "wasted" memory until a restart is scheduled. - ;opcache.max_wasted_percentage=5 diff --git a/install/debian/13/pma/apache.conf b/install/debian/13/pma/apache.conf deleted file mode 100644 index 2a8f69e2..00000000 --- a/install/debian/13/pma/apache.conf +++ /dev/null @@ -1,42 +0,0 @@ -# phpMyAdmin default Apache configuration - -Alias /phpmyadmin /usr/share/phpmyadmin - - - Options FollowSymLinks - DirectoryIndex index.php - - - AddType application/x-httpd-php .php - - php_flag magic_quotes_gpc Off - php_flag track_vars On - php_flag register_globals Off - php_admin_flag allow_url_fopen Off - php_value include_path . - php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp - php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext - - - - -# Authorize for setup - - - AuthType Basic - AuthName "phpMyAdmin Setup" - AuthUserFile /etc/phpmyadmin/htpasswd.setup - - Require valid-user - - -# Disallow web access to directories that don't need it - - Order Deny,Allow - Deny from All - - - Order Deny,Allow - Deny from All - - diff --git a/install/debian/13/pma/config.inc.php b/install/debian/13/pma/config.inc.php deleted file mode 100644 index eafc6d67..00000000 --- a/install/debian/13/pma/config.inc.php +++ /dev/null @@ -1,146 +0,0 @@ -> $pmapath1 -sed -i '/savedsearches/d' $pmapath1 -sed -i '/navigationhiding/d' $pmapath1 -sed -i '/users/d' $pmapath1 -sed -i '/controlpass/d' $pmapath1 -sed -i '/favorite/d' $pmapath1 -sed -i '/usergroups/d' $pmapath1 -sed -i '/central_columns/d' $pmapath1 -sed -i '/designer_settings/d' $pmapath1 -sed -i '/export_templates/d' $pmapath1 -echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath1 -echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath1 - -sed -i '/pmadb/d' $pmapath2 -sed -i '/controluser/d' $pmapath2 -sed -i '/bookmarktable/d' $pmapath2 -sed -i '/relation/d' $pmapath2 -sed -i '/userconfig/d' $pmapath2 -sed -i '/table_info/d' $pmapath2 -sed -i '/column_info/d' $pmapath2 -sed -i '/history/d' $pmapath2 -sed -i '/recent/d' $pmapath2 -sed -i '/table_uiprefs/d' $pmapath2 -sed -i '/tracking/d' $pmapath2 -sed -i '/table_coords/d' $pmapath2 -sed -i '/pdf_pages/d' $pmapath2 -sed -i '/designer_coords/d' $pmapath2 -sed -i '/controlpass/d' $pmapath2 -sed -i '/savedsearches/d' $pmapath2 -sed -i '/navigationhiding/d' $pmapath2 -sed -i '/users/d' $pmapath2 -sed -i '/controlpass/d' $pmapath2 -sed -i '/favorite/d' $pmapath2 -sed -i '/usergroups/d' $pmapath2 -sed -i '/central_columns/d' $pmapath2 -sed -i '/designer_settings/d' $pmapath2 -sed -i '/export_templates/d' $pmapath2 -echo "\$cfg['Servers'][\$i]['favorite'] = 'pma__favorite';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['central_columns'] = 'pma__central_columns';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['designer_settings'] = 'pma__designer_settings';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['export_templates'] = 'pma__export_templates';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['savedsearches'] = 'pma__savedsearches';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['navigationhiding'] = 'pma__navigationhiding';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['users'] = 'pma__users';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['usergroups'] = 'pma__usergroups';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['pmadb'] = 'phpmyadmin';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['controluser'] = 'pma';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['controlpass'] = '$PASS';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['bookmarktable'] = 'pma__bookmark';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['relation'] = 'pma__relation';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['userconfig'] = 'pma__userconfig';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['table_info'] = 'pma__table_info';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['column_info'] = 'pma__column_info';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['history'] = 'pma__history';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['recent'] = 'pma__recent';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['table_uiprefs'] = 'pma__table_uiprefs';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['tracking'] = 'pma__tracking';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['table_coords'] = 'pma__table_coords';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['pdf_pages'] = 'pma__pdf_pages';" >> $pmapath2 -echo "\$cfg['Servers'][\$i]['designer_coords'] = 'pma__designer_coords';" >> $pmapath2 - -#SOME WORK with DATABASE (table / user) -PMADB=phpmyadmin -PMAUSER=pma - -#DROP USER and TABLE -mysql -uroot < - VRootEngine on - VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf - - -AuthPAMConfig proftpd -AuthOrder mod_auth_pam.c* mod_auth_unix.c -UseReverseDNS off -User proftpd -Group nogroup -MaxInstances 100 -UseSendfile off -LogFormat default "%h %l %u %t \"%r\" %s %b" -LogFormat auth "%v [%P] %h %t \"%r\" %s" -ListOptions -a -RequireValidShell off -PassivePorts 12000 12100 -TransferLog /var/log/proftpd/xferlog -SystemLog /var/log/proftpd/proftpd.log - - - Umask 002 - - IdentLookups off - - AllowOverwrite yes - - AllowAll - - diff --git a/install/debian/13/proftpd/tls.conf b/install/debian/13/proftpd/tls.conf deleted file mode 100644 index 9da0017b..00000000 --- a/install/debian/13/proftpd/tls.conf +++ /dev/null @@ -1,63 +0,0 @@ -# -# Proftpd sample configuration for FTPS connections. -# -# Note that FTPS impose some limitations in NAT traversing. -# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html -# for more information. -# - - # If mod_tls was built as a shared/DSO module, load it - LoadModule mod_tls.c - - -TLSEngine on -TLSLog /var/log/proftpd/tls.log -# this is an example of protocols, proftp works witl all, but use only the most secure ones like TLSv1.1 and TLSv1.2 -TLSProtocol TLSv1.1 TLSv1.2 -# -# Server SSL certificate. You can generate a self-signed certificate using -# a command like: -# -# openssl req -x509 -newkey rsa:1024 \ -# -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \ -# -nodes -days 365 -# -# The proftpd.key file must be readable by root only. The other file can be -# readable by anyone. -# -# chmod 0600 /etc/ssl/private/proftpd.key -# chmod 0640 /etc/ssl/private/proftpd.key -# -TLSRSACertificateFile /usr/local/vesta/ssl/certificate.crt -TLSRSACertificateKeyFile /usr/local/vesta/ssl/certificate.key -# -# CA the server trusts... -#TLSCACertificateFile /etc/ssl/certs/CA.pem -# ...or avoid CA cert and be verbose -#TLSOptions NoCertRequest EnableDiags -# ... or the same with relaxed session use for some clients (e.g. FireFtp) -#TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired -# -# -# Per default drop connection if client tries to start a renegotiate -# This is a fix for CVE-2009-3555 but could break some clients. -# -#TLSOptions AllowClientRenegotiations -# -TLSOptions NoSessionReuseRequired AllowClientRenegotiations -# Authenticate clients that want to use FTP over TLS? -# -#TLSVerifyClient off -# -# Are clients required to use FTP over TLS when talking to this server? -# -TLSRequired off -# -# Allow SSL/TLS renegotiations when the client requests them, but -# do not force the renegotations. Some clients do not support -# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these -# clients will close the data connection, or there will be a timeout -# on an idle data connection. -# -TLSRenegotiate required off - diff --git a/install/debian/13/roundcube/apache.conf b/install/debian/13/roundcube/apache.conf deleted file mode 100644 index a0c87bcc..00000000 --- a/install/debian/13/roundcube/apache.conf +++ /dev/null @@ -1,40 +0,0 @@ -Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ -Alias /roundcube /var/lib/roundcube -Alias /webmail /var/lib/roundcube - -# Access to tinymce files - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - allow from all - - - - Options +FollowSymLinks - # This is needed to parse /var/lib/roundcube/.htaccess. See its - # content before setting AllowOverride to None. - AllowOverride All - order allow,deny - allow from all - - -# Protecting basic directories: - - Options -FollowSymLinks - AllowOverride None - - - - Options -FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all - - - - Options -FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all - diff --git a/install/debian/13/roundcube/config.inc.php b/install/debian/13/roundcube/config.inc.php deleted file mode 100644 index 0c82b1bc..00000000 --- a/install/debian/13/roundcube/config.inc.php +++ /dev/null @@ -1,33 +0,0 @@ - diff --git a/install/debian/13/roundcube/main.inc.php b/install/debian/13/roundcube/main.inc.php deleted file mode 100644 index 91f32000..00000000 --- a/install/debian/13/roundcube/main.inc.php +++ /dev/null @@ -1,850 +0,0 @@ -/sendmail or to syslog -$rcmail_config['smtp_log'] = true; - -// Log successful logins to /userlogins or to syslog -$rcmail_config['log_logins'] = false; - -// Log session authentication errors to /session or to syslog -$rcmail_config['log_session'] = false; - -// Log SQL queries to /sql or to syslog -$rcmail_config['sql_debug'] = false; - -// Log IMAP conversation to /imap or to syslog -$rcmail_config['imap_debug'] = false; - -// Log LDAP conversation to /ldap or to syslog -$rcmail_config['ldap_debug'] = false; - -// Log SMTP conversation to /smtp or to syslog -$rcmail_config['smtp_debug'] = false; - -// ---------------------------------- -// IMAP -// ---------------------------------- - -// the mail host chosen to perform the log-in -// leave blank to show a textbox at login, give a list of hosts -// to display a pulldown menu or set one host as string. -// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// Supported replacement variables: -// %n - http hostname ($_SERVER['SERVER_NAME']) -// %d - domain (http hostname without the first part) -// %s - domain name after the '@' from e-mail address provided at login screen -// For example %n = mail.domain.tld, %d = domain.tld -$rcmail_config['default_host'] = 'localhost'; - -// TCP port used for IMAP connections -$rcmail_config['default_port'] = 143; - -// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use -// best server supported one) -$rcmail_config['imap_auth_type'] = null; - -// If you know your imap's folder delimiter, you can specify it here. -// Otherwise it will be determined automatically -$rcmail_config['imap_delimiter'] = null; - -// If IMAP server doesn't support NAMESPACE extension, but you're -// using shared folders or personal root folder is non-empty, you'll need to -// set these options. All can be strings or arrays of strings. -// Folders need to be ended with directory separator, e.g. "INBOX." -// (special directory "~" is an exception to this rule) -// These can be used also to overwrite server's namespaces -$rcmail_config['imap_ns_personal'] = null; -$rcmail_config['imap_ns_other'] = null; -$rcmail_config['imap_ns_shared'] = null; - -// By default IMAP capabilities are readed after connection to IMAP server -// In some cases, e.g. when using IMAP proxy, there's a need to refresh the list -// after login. Set to True if you've got this case. -$rcmail_config['imap_force_caps'] = false; - -// By default list of subscribed folders is determined using LIST-EXTENDED -// extension if available. Some servers (dovecot 1.x) returns wrong results -// for shared namespaces in this case. http://trac.roundcube.net/ticket/1486225 -// Enable this option to force LSUB command usage instead. -$rcmail_config['imap_force_lsub'] = false; - -// Some server configurations (e.g. Courier) doesn't list folders in all namespaces -// Enable this option to force listing of folders in all namespaces -$rcmail_config['imap_force_ns'] = false; - -// IMAP connection timeout, in seconds. Default: 0 (no limit) -$rcmail_config['imap_timeout'] = 0; - -// Optional IMAP authentication identifier to be used as authorization proxy -$rcmail_config['imap_auth_cid'] = null; - -// Optional IMAP authentication password to be used for imap_auth_cid -$rcmail_config['imap_auth_pw'] = null; - -// Type of IMAP indexes cache. Supported values: 'db', 'apc' and 'memcache'. -$rcmail_config['imap_cache'] = null; - -// Enables messages cache. Only 'db' cache is supported. -$rcmail_config['messages_cache'] = false; - - -// ---------------------------------- -// SMTP -// ---------------------------------- - -// SMTP server host (for sending mails). -// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls:// -// If left blank, the PHP mail() function is used -// Supported replacement variables: -// %h - user's IMAP hostname -// %n - http hostname ($_SERVER['SERVER_NAME']) -// %d - domain (http hostname without the first part) -// %z - IMAP domain (IMAP hostname without the first part) -// For example %n = mail.domain.tld, %d = domain.tld -$rcmail_config['smtp_server'] = ''; - -// SMTP port (default is 25; use 587 for STARTTLS or 465 for the -// deprecated SSL over SMTP (aka SMTPS)) -$rcmail_config['smtp_port'] = 25; - -// SMTP username (if required) if you use %u as the username Roundcube -// will use the current username for login -$rcmail_config['smtp_user'] = ''; - -// SMTP password (if required) if you use %p as the password Roundcube -// will use the current user's password for login -$rcmail_config['smtp_pass'] = ''; - -// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use -// best server supported one) -$rcmail_config['smtp_auth_type'] = ''; - -// Optional SMTP authentication identifier to be used as authorization proxy -$rcmail_config['smtp_auth_cid'] = null; - -// Optional SMTP authentication password to be used for smtp_auth_cid -$rcmail_config['smtp_auth_pw'] = null; - -// SMTP HELO host -// Hostname to give to the remote server for SMTP 'HELO' or 'EHLO' messages -// Leave this blank and you will get the server variable 'server_name' or -// localhost if that isn't defined. -$rcmail_config['smtp_helo_host'] = ''; - -// SMTP connection timeout, in seconds. Default: 0 (no limit) -$rcmail_config['smtp_timeout'] = 0; - -// ---------------------------------- -// SYSTEM -// ---------------------------------- -include_once("/etc/roundcube/debian-db-roundcube.php"); - - -// THIS OPTION WILL ALLOW THE INSTALLER TO RUN AND CAN EXPOSE SENSITIVE CONFIG DATA. -// ONLY ENABLE IT IF YOU'RE REALLY SURE WHAT YOU'RE DOING! -$rcmail_config['enable_installer'] = false; - -// provide an URL where a user can get support for this Roundcube installation -// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE! -$rcmail_config['support_url'] = ''; - -// replace Roundcube logo with this image -// specify an URL relative to the document root of this Roundcube installation -$rcmail_config['skin_logo'] = null; - -// automatically create a new Roundcube user when log-in the first time. -// a new user will be created once the IMAP login succeeds. -// set to false if only registered users can use this service -$rcmail_config['auto_create_user'] = true; - -// use this folder to store log files (must be writeable for apache user) -// This is used by the 'file' log driver. -$rcmail_config['log_dir'] = '/var/log/roundcubemail/'; - -// use this folder to store temp files (must be writeable for apache user) -$rcmail_config['temp_dir'] = '/tmp'; - -// lifetime of message cache -// possible units: s, m, h, d, w -$rcmail_config['message_cache_lifetime'] = '10d'; - -// enforce connections over https -// with this option enabled, all non-secure connections will be redirected. -// set the port for the ssl connection as value of this option if it differs from the default 443 -$rcmail_config['force_https'] = true; - -// tell PHP that it should work as under secure connection -// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set) -// e.g. when you're running Roundcube behind a https proxy -// this option is mutually exclusive to 'force_https' and only either one of them should be set to true. -$rcmail_config['use_https'] = false; - -// Allow browser-autocompletion on login form. -// 0 - disabled, 1 - username and host only, 2 - username, host, password -$rcmail_config['login_autocomplete'] = 0; - -// Forces conversion of logins to lower case. -// 0 - disabled, 1 - only domain part, 2 - domain and local part. -// If users authentication is not case-sensitive this must be enabled. -// After enabling it all user records need to be updated, e.g. with query: -// UPDATE users SET username = LOWER(username); -$rcmail_config['login_lc'] = 0; - -// Includes should be interpreted as PHP files -$rcmail_config['skin_include_php'] = false; - -// display software version on login screen -$rcmail_config['display_version'] = false; - -// Session lifetime in minutes -// must be greater than 'keep_alive'/60 -$rcmail_config['session_lifetime'] = 10; - -// session domain: .example.org -$rcmail_config['session_domain'] = ''; - -// session name. Default: 'roundcube_sessid' -$rcmail_config['session_name'] = null; - -// Backend to use for session storage. Can either be 'db' (default) or 'memcache' -// If set to memcache, a list of servers need to be specified in 'memcache_hosts' -// Make sure the Memcache extension (http://pecl.php.net/package/memcache) version >= 2.0.0 is installed -$rcmail_config['session_storage'] = 'db'; - -// Use these hosts for accessing memcached -// Define any number of hosts in the form of hostname:port or unix:///path/to/sock.file -$rcmail_config['memcache_hosts'] = null; // e.g. array( 'localhost:11211', '192.168.1.12:11211', 'unix:///var/tmp/memcached.sock' ); - -// check client IP in session athorization -$rcmail_config['ip_check'] = false; - -// check referer of incoming requests -$rcmail_config['referer_check'] = false; - -// X-Frame-Options HTTP header value sent to prevent from Clickjacking. -// Possible values: sameorigin|deny. Set to false in order to disable sending them -$rcmail_config['x_frame_options'] = 'sameorigin'; - -// this key is used to encrypt the users imap password which is stored -// in the session record (and the client cookie if remember password is enabled). -// please provide a string of exactly 24 chars. -$rcmail_config['des_key'] = 'vtIOjLZo9kffJoqzpSbm5r1r'; - -// Automatically add this domain to user names for login -// Only for IMAP servers that require full e-mail addresses for login -// Specify an array with 'host' => 'domain' values to support multiple hosts -// Supported replacement variables: -// %h - user's IMAP hostname -// %n - http hostname ($_SERVER['SERVER_NAME']) -// %d - domain (http hostname without the first part) -// %z - IMAP domain (IMAP hostname without the first part) -// For example %n = mail.domain.tld, %d = domain.tld -$rcmail_config['username_domain'] = ''; - -// This domain will be used to form e-mail addresses of new users -// Specify an array with 'host' => 'domain' values to support multiple hosts -// Supported replacement variables: -// %h - user's IMAP hostname -// %n - http hostname ($_SERVER['SERVER_NAME']) -// %d - domain (http hostname without the first part) -// %z - IMAP domain (IMAP hostname without the first part) -// For example %n = mail.domain.tld, %d = domain.tld -$rcmail_config['mail_domain'] = ''; - -// Password charset. -// Use it if your authentication backend doesn't support UTF-8. -// Defaults to ISO-8859-1 for backward compatibility -$rcmail_config['password_charset'] = 'ISO-8859-1'; - -// How many seconds must pass between emails sent by a user -$rcmail_config['sendmail_delay'] = 0; - -// Maximum number of recipients per message. Default: 0 (no limit) -$rcmail_config['max_recipients'] = 0; - -// Maximum allowednumber of members of an address group. Default: 0 (no limit) -// If 'max_recipients' is set this value should be less or equal -$rcmail_config['max_group_members'] = 0; - -// add this user-agent to message headers when sending -$rcmail_config['useragent'] = 'Roundcube Webmail/'.RCMAIL_VERSION; - -// use this name to compose page titles -$rcmail_config['product_name'] = 'Roundcube Webmail'; - -// try to load host-specific configuration -// see http://trac.roundcube.net/wiki/Howto_Config for more details -$rcmail_config['include_host_config'] = false; - -// path to a text file which will be added to each sent message -// paths are relative to the Roundcube root folder -$rcmail_config['generic_message_footer'] = ''; - -// path to a text file which will be added to each sent HTML message -// paths are relative to the Roundcube root folder -$rcmail_config['generic_message_footer_html'] = ''; - -// add a received header to outgoing mails containing the creators IP and hostname -$rcmail_config['http_received_header'] = false; - -// Whether or not to encrypt the IP address and the host name -// these could, in some circles, be considered as sensitive information; -// however, for the administrator, these could be invaluable help -// when tracking down issues. -$rcmail_config['http_received_header_encrypt'] = false; - -// This string is used as a delimiter for message headers when sending -// a message via mail() function. Leave empty for auto-detection -$rcmail_config['mail_header_delimiter'] = NULL; - -// number of chars allowed for line when wrapping text. -// text wrapping is done when composing/sending messages -$rcmail_config['line_length'] = 72; - -// send plaintext messages as format=flowed -$rcmail_config['send_format_flowed'] = true; - -// don't allow these settings to be overriden by the user -$rcmail_config['dont_override'] = array(); - -// Set identities access level: -// 0 - many identities with possibility to edit all params -// 1 - many identities with possibility to edit all params but not email address -// 2 - one identity with possibility to edit all params -// 3 - one identity with possibility to edit all params but not email address -$rcmail_config['identities_level'] = 0; - -// Mimetypes supported by the browser. -// attachments of these types will open in a preview window -// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' -$rcmail_config['client_mimetypes'] = null; # null == default - -// mime magic database -$rcmail_config['mime_magic'] = null; - -// path to imagemagick identify binary -$rcmail_config['im_identify_path'] = null; - -// path to imagemagick convert binary -$rcmail_config['im_convert_path'] = null; - -// maximum size of uploaded contact photos in pixel -$rcmail_config['contact_photo_size'] = 160; - -// Enable DNS checking for e-mail address validation -$rcmail_config['email_dns_check'] = false; - -// ---------------------------------- -// PLUGINS -// ---------------------------------- - -// List of active plugins (in plugins/ directory) -$rcmail_config['plugins'] = array('password'); - -// ---------------------------------- -// USER INTERFACE -// ---------------------------------- - -// default messages sort column. Use empty value for default server's sorting, -// or 'arrival', 'date', 'subject', 'from', 'to', 'fromto', 'size', 'cc' -$rcmail_config['message_sort_col'] = ''; - -// default messages sort order -$rcmail_config['message_sort_order'] = 'DESC'; - -// These cols are shown in the message list. Available cols are: -// subject, from, to, fromto, cc, replyto, date, size, status, flag, attachment, 'priority' -$rcmail_config['list_cols'] = array('subject', 'status', 'fromto', 'date', 'size', 'flag', 'attachment'); - -// the default locale setting (leave empty for auto-detection) -// RFC1766 formatted language name like en_US, de_DE, de_CH, fr_FR, pt_BR -$rcmail_config['language'] = null; - -// use this format for date display (date or strftime format) -$rcmail_config['date_format'] = 'Y-m-d'; - -// give this choice of date formats to the user to select from -$rcmail_config['date_formats'] = array('Y-m-d', 'd-m-Y', 'Y/m/d', 'm/d/Y', 'd/m/Y', 'd.m.Y', 'j.n.Y'); - -// use this format for time display (date or strftime format) -$rcmail_config['time_format'] = 'H:i'; - -// give this choice of time formats to the user to select from -$rcmail_config['time_formats'] = array('G:i', 'H:i', 'g:i a', 'h:i A'); - -// use this format for short date display (derived from date_format and time_format) -$rcmail_config['date_short'] = 'D H:i'; - -// use this format for detailed date/time formatting (derived from date_format and time_format) -$rcmail_config['date_long'] = 'Y-m-d H:i'; - -// store draft message is this mailbox -// leave blank if draft messages should not be stored -// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) -$rcmail_config['drafts_mbox'] = 'Drafts'; - -// store spam messages in this mailbox -// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) -$rcmail_config['junk_mbox'] = 'Spam'; - -// store sent message is this mailbox -// leave blank if sent messages should not be stored -// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) -$rcmail_config['sent_mbox'] = 'Sent'; - -// move messages to this folder when deleting them -// leave blank if they should be deleted directly -// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) -$rcmail_config['trash_mbox'] = 'Trash'; - -// display these folders separately in the mailbox list. -// these folders will also be displayed with localized names -// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP) -$rcmail_config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); -$rcmail_config['default_imap_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); - -// automatically create the above listed default folders on first login -$rcmail_config['create_default_folders'] = true; - -// protect the default folders from renames, deletes, and subscription changes -$rcmail_config['protect_default_folders'] = true; - -// if in your system 0 quota means no limit set this option to true -$rcmail_config['quota_zero_as_unlimited'] = false; - -// Make use of the built-in spell checker. It is based on GoogieSpell. -// Since Google only accepts connections over https your PHP installatation -// requires to be compiled with Open SSL support -$rcmail_config['enable_spellcheck'] = true; - -// Enables spellchecker exceptions dictionary. -// Setting it to 'shared' will make the dictionary shared by all users. -$rcmail_config['spellcheck_dictionary'] = false; - -// Set the spell checking engine. 'googie' is the default. 'pspell' is also available, -// but requires the Pspell extensions. When using Nox Spell Server, also set 'googie' here. -$rcmail_config['spellcheck_engine'] = 'googie'; - -// For a locally installed Nox Spell Server, please specify the URI to call it. -// Get Nox Spell Server from http://orangoo.com/labs/?page_id=72 -// Leave empty to use the Google spell checking service, what means -// that the message content will be sent to Google in order to check spelling -$rcmail_config['spellcheck_uri'] = ''; - -// These languages can be selected for spell checking. -// Configure as a PHP style hash array: array('en'=>'English', 'de'=>'Deutsch'); -// Leave empty for default set of available language. -$rcmail_config['spellcheck_languages'] = NULL; - -// Makes that words with all letters capitalized will be ignored (e.g. GOOGLE) -$rcmail_config['spellcheck_ignore_caps'] = false; - -// Makes that words with numbers will be ignored (e.g. g00gle) -$rcmail_config['spellcheck_ignore_nums'] = false; - -// Makes that words with symbols will be ignored (e.g. g@@gle) -$rcmail_config['spellcheck_ignore_syms'] = false; - -// Use this char/string to separate recipients when composing a new message -$rcmail_config['recipients_separator'] = ','; - -// don't let users set pagesize to more than this value if set -$rcmail_config['max_pagesize'] = 200; - -// Minimal value of user's 'keep_alive' setting (in seconds) -// Must be less than 'session_lifetime' -$rcmail_config['min_keep_alive'] = 60; - -// Enables files upload indicator. Requires APC installed and enabled apc.rfc1867 option. -// By default refresh time is set to 1 second. You can set this value to true -// or any integer value indicating number of seconds. -$rcmail_config['upload_progress'] = false; - -// Specifies for how many seconds the Undo button will be available -// after object delete action. Currently used with supporting address book sources. -// Setting it to 0, disables the feature. -$rcmail_config['undo_timeout'] = 0; - -// ---------------------------------- -// ADDRESSBOOK SETTINGS -// ---------------------------------- - -// This indicates which type of address book to use. Possible choises: -// 'sql' (default) and 'ldap'. -// If set to 'ldap' then it will look at using the first writable LDAP -// address book as the primary address book and it will not display the -// SQL address book in the 'Address Book' view. -$rcmail_config['address_book_type'] = 'sql'; - -// In order to enable public ldap search, configure an array like the Verisign -// example further below. if you would like to test, simply uncomment the example. -// Array key must contain only safe characters, ie. a-zA-Z0-9_ -$rcmail_config['ldap_public'] = array(); - -// If you are going to use LDAP for individual address books, you will need to -// set 'user_specific' to true and use the variables to generate the appropriate DNs to access it. -// -// The recommended directory structure for LDAP is to store all the address book entries -// under the users main entry, e.g.: -// -// o=root -// ou=people -// uid=user@domain -// mail=contact@contactdomain -// -// So the base_dn would be uid=%fu,ou=people,o=root -// The bind_dn would be the same as based_dn or some super user login. -/* - * example config for Verisign directory - * -$rcmail_config['ldap_public']['Verisign'] = array( - 'name' => 'Verisign.com', - // Replacement variables supported in host names: - // %h - user's IMAP hostname - // %n - http hostname ($_SERVER['SERVER_NAME']) - // %d - domain (http hostname without the first part) - // %z - IMAP domain (IMAP hostname without the first part) - // For example %n = mail.domain.tld, %d = domain.tld - 'hosts' => array('directory.verisign.com'), - 'port' => 389, - 'use_tls' => false, - 'ldap_version' => 3, // using LDAPv3 - 'user_specific' => false, // If true the base_dn, bind_dn and bind_pass default to the user's IMAP login. - // %fu - The full username provided, assumes the username is an email - // address, uses the username_domain value if not an email address. - // %u - The username prior to the '@'. - // %d - The domain name after the '@'. - // %dc - The domain name hierarchal string e.g. "dc=test,dc=domain,dc=com" - // %dn - DN found by ldap search when search_filter/search_base_dn are used - 'base_dn' => '', - 'bind_dn' => '', - 'bind_pass' => '', - // It's possible to bind for an individual address book - // The login name is used to search for the DN to bind with - 'search_base_dn' => '', - 'search_filter' => '', // e.g. '(&(objectClass=posixAccount)(uid=%u))' - // DN and password to bind as before searching for bind DN, if anonymous search is not allowed - 'search_bind_dn' => '', - 'search_bind_pw' => '', - // Default for %dn variable if search doesn't return DN value - 'search_dn_default' => '', - // Optional authentication identifier to be used as SASL authorization proxy - // bind_dn need to be empty - 'auth_cid' => '', - // SASL authentication method (for proxy auth), e.g. DIGEST-MD5 - 'auth_method' => '', - // Indicates if the addressbook shall be hidden from the list. - // With this option enabled you can still search/view contacts. - 'hidden' => false, - // Indicates if the addressbook shall not list contacts but only allows searching. - 'searchonly' => false, - // Indicates if we can write to the LDAP directory or not. - // If writable is true then these fields need to be populated: - // LDAP_Object_Classes, required_fields, LDAP_rdn - 'writable' => false, - // To create a new contact these are the object classes to specify - // (or any other classes you wish to use). - 'LDAP_Object_Classes' => array('top', 'inetOrgPerson'), - // The RDN field that is used for new entries, this field needs - // to be one of the search_fields, the base of base_dn is appended - // to the RDN to insert into the LDAP directory. - 'LDAP_rdn' => 'cn', - // The required fields needed to build a new contact as required by - // the object classes (can include additional fields not required by the object classes). - 'required_fields' => array('cn', 'sn', 'mail'), - 'search_fields' => array('mail', 'cn'), // fields to search in - // mapping of contact fields to directory attributes - // for every attribute one can specify the number of values (limit) allowed. - // default is 1, a wildcard * means unlimited - 'fieldmap' => array( - // Roundcube => LDAP:limit - 'name' => 'cn', - 'surname' => 'sn', - 'firstname' => 'givenName', - 'title' => 'title', - 'email' => 'mail:*', - 'phone:home' => 'homePhone', - 'phone:work' => 'telephoneNumber', - 'phone:mobile' => 'mobile', - 'phone:pager' => 'pager', - 'street' => 'street', - 'zipcode' => 'postalCode', - 'region' => 'st', - 'locality' => 'l', -// if you uncomment country, you need to modify 'sub_fields' above -// 'country' => 'c', - 'department' => 'departmentNumber', - 'notes' => 'description', -// these currently don't work: -// 'phone:workfax' => 'facsimileTelephoneNumber', -// 'photo' => 'jpegPhoto', -// 'organization' => 'o', -// 'manager' => 'manager', -// 'assistant' => 'secretary', - ), - // Map of contact sub-objects (attribute name => objectClass(es)), e.g. 'c' => 'country' - 'sub_fields' => array(), - 'sort' => 'cn', // The field to sort the listing by. - 'scope' => 'sub', // search mode: sub|base|list - 'filter' => '(objectClass=inetOrgPerson)', // used for basic listing (if not empty) and will be &'d with search queries. example: status=act - 'fuzzy_search' => true, // server allows wildcard search - 'vlv' => false, // Enable Virtual List View to more efficiently fetch paginated data (if server supports it) - 'numsub_filter' => '(objectClass=organizationalUnit)', // with VLV, we also use numSubOrdinates to query the total number of records. Set this filter to get all numSubOrdinates attributes for counting - 'sizelimit' => '0', // Enables you to limit the count of entries fetched. Setting this to 0 means no limit. - 'timelimit' => '0', // Sets the number of seconds how long is spend on the search. Setting this to 0 means no limit. - 'referrals' => true|false, // Sets the LDAP_OPT_REFERRALS option. Mostly used in multi-domain Active Directory setups - - // definition for contact groups (uncomment if no groups are supported) - // for the groups base_dn, the user replacements %fu, %u, $d and %dc work as for base_dn (see above) - // if the groups base_dn is empty, the contact base_dn is used for the groups as well - // -> in this case, assure that groups and contacts are separated due to the concernig filters! - 'groups' => array( - 'base_dn' => '', - 'scope' => 'sub', // search mode: sub|base|list - 'filter' => '(objectClass=groupOfNames)', - 'object_classes' => array("top", "groupOfNames"), - 'member_attr' => 'member', // name of the member attribute, e.g. uniqueMember - 'name_attr' => 'cn', // attribute to be used as group name - ), -); -*/ - -// An ordered array of the ids of the addressbooks that should be searched -// when populating address autocomplete fields server-side. ex: array('sql','Verisign'); -$rcmail_config['autocomplete_addressbooks'] = array('sql'); - -// The minimum number of characters required to be typed in an autocomplete field -// before address books will be searched. Most useful for LDAP directories that -// may need to do lengthy results building given overly-broad searches -$rcmail_config['autocomplete_min_length'] = 1; - -// Number of parallel autocomplete requests. -// If there's more than one address book, n parallel (async) requests will be created, -// where each request will search in one address book. By default (0), all address -// books are searched in one request. -$rcmail_config['autocomplete_threads'] = 0; - -// Max. numer of entries in autocomplete popup. Default: 15. -$rcmail_config['autocomplete_max'] = 15; - -// show address fields in this order -// available placeholders: {street}, {locality}, {zipcode}, {country}, {region} -$rcmail_config['address_template'] = '{street}
{locality} {zipcode}
{country} {region}'; - -// Matching mode for addressbook search (including autocompletion) -// 0 - partial (*abc*), default -// 1 - strict (abc) -// 2 - prefix (abc*) -// Note: For LDAP sources fuzzy_search must be enabled to use 'partial' or 'prefix' mode -$rcmail_config['addressbook_search_mode'] = 0; - -// ---------------------------------- -// USER PREFERENCES -// ---------------------------------- - -// Use this charset as fallback for message decoding -//$rcmail_config['default_charset'] = 'ISO-8859-1'; -$rcmail_config['default_charset'] = 'UTF-8'; - -// skin name: folder from skins/ -$rcmail_config['skin'] = 'elastic'; - -// show up to X items in messages list view -$rcmail_config['mail_pagesize'] = 50; - -// show up to X items in contacts list view -$rcmail_config['addressbook_pagesize'] = 50; - -// sort contacts by this col (preferably either one of name, firstname, surname) -$rcmail_config['addressbook_sort_col'] = 'surname'; - -// the way how contact names are displayed in the list -// 0: display name -// 1: (prefix) firstname middlename surname (suffix) -// 2: (prefix) surname firstname middlename (suffix) -// 3: (prefix) surname, firstname middlename (suffix) -$rcmail_config['addressbook_name_listing'] = 0; - -// use this timezone to display date/time -// valid timezone identifers are listed here: php.net/manual/en/timezones.php -// 'auto' will use the browser's timezone settings -$rcmail_config['timezone'] = 'auto'; - -// prefer displaying HTML messages -$rcmail_config['prefer_html'] = true; - -// display remote inline images -// 0 - Never, always ask -// 1 - Ask if sender is not in address book -// 2 - Always show inline images -$rcmail_config['show_images'] = 0; - -// compose html formatted messages by default -// 0 - never, 1 - always, 2 - on reply to HTML message only -$rcmail_config['htmleditor'] = 0; - -// show pretty dates as standard -$rcmail_config['prettydate'] = true; - -// save compose message every 300 seconds (5min) -$rcmail_config['draft_autosave'] = 300; - -// default setting if preview pane is enabled -$rcmail_config['preview_pane'] = false; - -// Mark as read when viewed in preview pane (delay in seconds) -// Set to -1 if messages in preview pane should not be marked as read -$rcmail_config['preview_pane_mark_read'] = 0; - -// Clear Trash on logout -$rcmail_config['logout_purge'] = false; - -// Compact INBOX on logout -$rcmail_config['logout_expunge'] = false; - -// Display attached images below the message body -$rcmail_config['inline_images'] = true; - -// Encoding of long/non-ascii attachment names: -// 0 - Full RFC 2231 compatible -// 1 - RFC 2047 for 'name' and RFC 2231 for 'filename' parameter (Thunderbird's default) -// 2 - Full 2047 compatible -$rcmail_config['mime_param_folding'] = 1; - -// Set true if deleted messages should not be displayed -// This will make the application run slower -$rcmail_config['skip_deleted'] = false; - -// Set true to Mark deleted messages as read as well as deleted -// False means that a message's read status is not affected by marking it as deleted -$rcmail_config['read_when_deleted'] = true; - -// Set to true to never delete messages immediately -// Use 'Purge' to remove messages marked as deleted -$rcmail_config['flag_for_deletion'] = false; - -// Default interval for keep-alive/check-recent requests (in seconds) -// Must be greater than or equal to 'min_keep_alive' and less than 'session_lifetime' -$rcmail_config['keep_alive'] = 60; - -// If true all folders will be checked for recent messages -$rcmail_config['check_all_folders'] = false; - -// If true, after message delete/move, the next message will be displayed -$rcmail_config['display_next'] = false; - -// 0 - Do not expand threads -// 1 - Expand all threads automatically -// 2 - Expand only threads with unread messages -$rcmail_config['autoexpand_threads'] = 0; - -// When replying place cursor above original message (top posting) -$rcmail_config['top_posting'] = false; - -// When replying strip original signature from message -$rcmail_config['strip_existing_sig'] = true; - -// Show signature: -// 0 - Never -// 1 - Always -// 2 - New messages only -// 3 - Forwards and Replies only -$rcmail_config['show_sig'] = 1; - -// When replying or forwarding place sender's signature above existing message -$rcmail_config['sig_above'] = false; - -// Use MIME encoding (quoted-printable) for 8bit characters in message body -$rcmail_config['force_7bit'] = false; - -// Defaults of the search field configuration. -// The array can contain a per-folder list of header fields which should be considered when searching -// The entry with key '*' stands for all folders which do not have a specific list set. -// Please note that folder names should to be in sync with $rcmail_config['default_folders'] -$rcmail_config['search_mods'] = null; // Example: array('*' => array('subject'=>1, 'from'=>1), 'Sent' => array('subject'=>1, 'to'=>1)); - -// Defaults of the addressbook search field configuration. -$rcmail_config['addressbook_search_mods'] = null; // Example: array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); - -// 'Delete always' -// This setting reflects if mail should be always deleted -// when moving to Trash fails. This is necessary in some setups -// when user is over quota and Trash is included in the quota. -$rcmail_config['delete_always'] = false; - -// Directly delete messages in Junk instead of moving to Trash -$rcmail_config['delete_junk'] = true; - -// Behavior if a received message requests a message delivery notification (read receipt) -// 0 = ask the user, 1 = send automatically, 2 = ignore (never send or ask) -// 3 = send automatically if sender is in addressbook, otherwise ask the user -// 4 = send automatically if sender is in addressbook, otherwise ignore -$rcmail_config['mdn_requests'] = 0; - -// Return receipt checkbox default state -$rcmail_config['mdn_default'] = 0; - -// Delivery Status Notification checkbox default state -$rcmail_config['dsn_default'] = 0; - -// Place replies in the folder of the message being replied to -$rcmail_config['reply_same_folder'] = false; - -// Sets default mode of Forward feature to "forward as attachment" -$rcmail_config['forward_attachment'] = false; - -// Defines address book (internal index) to which new contacts will be added -// By default it is the first writeable addressbook. -// Note: Use '0' for built-in address book. -$rcmail_config['default_addressbook'] = null; - -// Enables spell checking before sending a message. -$rcmail_config['spellcheck_before_send'] = false; - -// Skip alternative email addresses in autocompletion (show one address per contact) -$rcmail_config['autocomplete_single'] = false; - -// Default font for composed HTML message. -// Supported values: Andale Mono, Arial, Arial Black, Book Antiqua, Courier New, -// Georgia, Helvetica, Impact, Tahoma, Terminal, Times New Roman, Trebuchet MS, Verdana -$rcmail_config['default_font'] = ''; - -// end of config file diff --git a/install/debian/13/roundcube/vesta.php b/install/debian/13/roundcube/vesta.php deleted file mode 100644 index b3dd167f..00000000 --- a/install/debian/13/roundcube/vesta.php +++ /dev/null @@ -1,73 +0,0 @@ - - */ -class rcube_vesta_password { - function save($curpass, $passwd) - { - $rcmail = rcmail::get_instance(); - $vesta_host = $rcmail->config->get('password_vesta_host'); - - if (empty($vesta_host)) - { - $vesta_host = 'localhost'; - } - - $vesta_port = $rcmail->config->get('password_vesta_port'); - if (empty($vesta_port)) - { - $vesta_port = '8083'; - } - - $postvars = array( - 'email' => $_SESSION['username'], - 'password' => $curpass, - 'new' => $passwd - ); - - $postdata = http_build_query($postvars); - - $send = 'POST /reset/mail/ HTTP/1.1' . PHP_EOL; - $send .= 'Host: ' . $vesta_host . PHP_EOL; - $send .= 'User-Agent: PHP Script' . PHP_EOL; - $send .= 'Content-length: ' . strlen($postdata) . PHP_EOL; - $send .= 'Content-type: application/x-www-form-urlencoded' . PHP_EOL; - $send .= 'Connection: close' . PHP_EOL; - $send .= PHP_EOL; - $send .= $postdata . PHP_EOL . PHP_EOL; - - //$fp = fsockopen('ssl://' . $vesta_host, $vesta_port); - $errno = ""; - $errstr = ""; - $context = stream_context_create(); - - $result = stream_context_set_option($context, 'ssl', 'verify_peer', false); - $result = stream_context_set_option($context, 'ssl', 'verify_peer_name', false); - $result = stream_context_set_option($context, 'ssl', 'verify_host', false); - $result = stream_context_set_option($context, 'ssl', 'allow_self_signed', true); - - $fp = stream_socket_client('ssl://' . $vesta_host . ':'.$vesta_port, $errno, $errstr, 60, STREAM_CLIENT_CONNECT, $context); - fputs($fp, $send); - $result = fread($fp, 2048); - fclose($fp); - - $fp = fopen("/tmp/roundcube.log", 'w'); - fwrite($fp, "test ok"); - fwrite($fp, "\n"); - fclose($fp); - - - if(strpos($result, 'ok') && !strpos($result, 'error')) - { - return PASSWORD_SUCCESS; - } - else { - return PASSWORD_ERROR; - } - - } -} diff --git a/install/debian/13/sudo/admin b/install/debian/13/sudo/admin deleted file mode 100644 index 331fa1f2..00000000 --- a/install/debian/13/sudo/admin +++ /dev/null @@ -1,8 +0,0 @@ -# Created by vesta installer -Defaults env_keep="VESTA" -Defaults:admin !syslog -Defaults:admin !requiretty -Defaults:root !requiretty - -# sudo is limited to vesta scripts -admin ALL=NOPASSWD:/usr/local/vesta/bin/* diff --git a/install/debian/13/templates/dns/child-ns.tpl b/install/debian/13/templates/dns/child-ns.tpl deleted file mode 100644 index 42c046e4..00000000 --- a/install/debian/13/templates/dns/child-ns.tpl +++ /dev/null @@ -1,14 +0,0 @@ -ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns1.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='ns2.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='4' RECORD='ns1' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='5' RECORD='ns2' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='7' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='8' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='9' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='10' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/default.tpl b/install/debian/13/templates/dns/default.tpl deleted file mode 100644 index e0a37e62..00000000 --- a/install/debian/13/templates/dns/default.tpl +++ /dev/null @@ -1,18 +0,0 @@ -ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='mail' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='smtp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='pop' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='imap' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='16' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mail.%domain%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='17' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='18' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/gmail.tpl b/install/debian/13/templates/dns/gmail.tpl deleted file mode 100644 index 219c9d24..00000000 --- a/install/debian/13/templates/dns/gmail.tpl +++ /dev/null @@ -1,12 +0,0 @@ -ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='3' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='4' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='5' RECORD='localhost' TYPE='A' PRIORITY='' VALUE='127.0.0.1' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='6' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='7' RECORD='@' TYPE='MX' PRIORITY='1' VALUE='ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='8' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT1.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='9' RECORD='@' TYPE='MX' PRIORITY='5' VALUE='ALT2.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='10' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT3.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='ALT4.ASPMX.L.GOOGLE.COM.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.google.com ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/office365.tpl b/install/debian/13/templates/dns/office365.tpl deleted file mode 100644 index dcf556e1..00000000 --- a/install/debian/13/templates/dns/office365.tpl +++ /dev/null @@ -1,22 +0,0 @@ -ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:spf.protection.outlook.com -all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='MX' PRIORITY='0' VALUE='XXXXXXX.mail.protection.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"MS=msXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='16' RECORD='autodiscover' TYPE='CNAME' PRIORITY='' VALUE='autodiscover.outlook.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='17' RECORD='sip' TYPE='CNAME' PRIORITY='' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='18' RECORD='lyncdiscover' TYPE='CNAME' PRIORITY='' VALUE='webdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='19' RECORD='enterpriseregistration' TYPE='CNAME' PRIORITY='' VALUE='enterpriseregistration.windows.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='20' RECORD='enterpriseenrollment' TYPE='CNAME' PRIORITY='' VALUE='enterpriseenrollment.manage.microsoft.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='21' RECORD='_sip._tls' TYPE='SRV' PRIORITY='100 1 443' VALUE='sipdir.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='22' RECORD='_sipfederationtls._tcp' TYPE='SRV' PRIORITY='100 1 5061' VALUE='sipfed.online.lync.com.' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/dns/yandex.tpl b/install/debian/13/templates/dns/yandex.tpl deleted file mode 100644 index 4ce768fe..00000000 --- a/install/debian/13/templates/dns/yandex.tpl +++ /dev/null @@ -1,16 +0,0 @@ -ID='1' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns1%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='2' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns2%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='3' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns3%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='4' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns4%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='5' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns5%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='6' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns6%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='7' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns7%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='8' RECORD='@' TYPE='NS' PRIORITY='' VALUE='%ns8%.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='9' RECORD='@' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='10' RECORD='www' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='11' RECORD='ftp' TYPE='A' PRIORITY='' VALUE='%ip%' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='12' RECORD='mail' TYPE='CNAME' PRIORITY='' VALUE='domain.mail.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='13' RECORD='@' TYPE='MX' PRIORITY='10' VALUE='mx.yandex.net.' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='14' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"v=spf1 a mx ip4:%ip% include:_spf.yandex.net ~all"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='15' RECORD='_dmarc' TYPE='TXT' PRIORITY='' VALUE='"v=DMARC1; p=none"' SUSPENDED='no' TIME='%time%' DATE='%date%' -ID='16' RECORD='@' TYPE='TXT' PRIORITY='' VALUE='"yandex-verification: XXXXXXXXXXXXXXX"' SUSPENDED='no' TIME='%time%' DATE='%date%' diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh deleted file mode 100644 index cbea2de9..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.4-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" -pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -if [ -f "$pool_file_83" ]; then - rm $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_84" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_84) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_84 - systemctl reset-failed php8.4-fpm - systemctl restart php8.4-fpm -fi -if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.4/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl deleted file mode 100644 index 91e05b17..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl deleted file mode 100644 index 94acbf15..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84-public.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh b/install/debian/13/templates/web/apache2/PHP-FPM-84.sh deleted file mode 100644 index cbea2de9..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.4-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" -pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -if [ -f "$pool_file_83" ]; then - rm $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_84" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_84) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_84 - systemctl reset-failed php8.4-fpm - systemctl restart php8.4-fpm -fi -if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.4/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl deleted file mode 100644 index 848abf7c..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl b/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl deleted file mode 100644 index 065c1f89..00000000 --- a/install/debian/13/templates/web/apache2/PHP-FPM-84.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/install/debian/13/templates/web/awstats/awstats.tpl b/install/debian/13/templates/web/awstats/awstats.tpl deleted file mode 100644 index 6bb51c50..00000000 --- a/install/debian/13/templates/web/awstats/awstats.tpl +++ /dev/null @@ -1,133 +0,0 @@ -LogFile="/var/log/%web_system%/domains/%domain%.log" -LogType=W -LogFormat=1 -LogSeparator=" " -SiteDomain="%domain_idn%" -HostAliases="%alias_idn%" -DirData="%home%/%user%/web/%domain%/stats" -DirCgi="/vstats" -DirIcons="/vstats/icon" -AllowToUpdateStatsFromBrowser=0 -AllowFullYearView=2 -EnableLockForUpdate=1 -DNSStaticCacheFile="dnscache.txt" -DNSLastUpdateCacheFile="dnscachelastupdate.txt" -SkipDNSLookupFor="" -AllowAccessFromWebToAuthenticatedUsersOnly=0 -AllowAccessFromWebToFollowingAuthenticatedUsers="" -AllowAccessFromWebToFollowingIPAddresses="" -CreateDirDataIfNotExists=0 -BuildHistoryFormat=text -BuildReportFormat=html -SaveDatabaseFilesWithPermissionsForEveryone=0 -PurgeLogFile=0 -ArchiveLogRecords=0 -KeepBackupOfHistoricFiles=1 -DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" -SkipUserAgents="" -SkipFiles="" -SkipReferrersBlackList="" -OnlyHosts="" -OnlyUserAgents="" -OnlyUsers="" -OnlyFiles="" -NotPageList="css js class gif jpg jpeg png bmp ico rss xml swf" -ValidHTTPCodes="200 304" -ValidSMTPCodes="1 250" -AuthenticatedUsersNotCaseSensitive=0 -URLNotCaseSensitive=0 -URLWithAnchor=0 -URLQuerySeparators="?;" -URLWithQuery=0 -URLWithQueryWithOnlyFollowingParameters="" -URLWithQueryWithoutFollowingParameters="" -URLReferrerWithQuery=0 -WarningMessages=1 -ErrorMessages="" -DebugMessages=0 -NbOfLinesForCorruptedLog=50 -WrapperScript="" -DecodeUA=0 -MiscTrackerUrl="/js/awstats_misc_tracker.js" -UseFramesWhenCGI=1 -DetailedReportsOnNewWindows=1 -Expires=3600 -MaxRowsInHTMLOutput=1000 -Lang="auto" -DirLang="./lang" -ShowMenu=1 -ShowSummary=UVPHB -ShowMonthStats=UVPHB -ShowDaysOfMonthStats=VPHB -ShowDaysOfWeekStats=PHB -ShowHoursStats=PHB -ShowDomainsStats=PHB -ShowHostsStats=PHBL -ShowAuthenticatedUsers=0 -ShowRobotsStats=HBL -ShowWormsStats=0 -ShowEMailSenders=0 -ShowEMailReceivers=0 -ShowSessionsStats=1 -ShowPagesStats=PBEX -ShowFileTypesStats=HB -ShowFileSizesStats=0 -ShowDownloadsStats=HB -ShowOSStats=1 -ShowBrowsersStats=1 -ShowScreenSizeStats=0 -ShowOriginStats=PH -ShowKeyphrasesStats=1 -ShowKeywordsStats=1 -ShowMiscStats=a -ShowHTTPErrorsStats=1 -ShowSMTPErrorsStats=0 -ShowClusterStats=0 -AddDataArrayMonthStats=1 -AddDataArrayShowDaysOfMonthStats=1 -AddDataArrayShowDaysOfWeekStats=1 -AddDataArrayShowHoursStats=1 -IncludeInternalLinksInOriginSection=0 -MaxNbOfDomain = 10 -MinHitDomain = 1 -MaxNbOfHostsShown = 10 -MinHitHost = 1 -MaxNbOfLoginShown = 10 -MinHitLogin = 1 -MaxNbOfRobotShown = 10 -MinHitRobot = 1 -MaxNbOfDownloadsShown = 10 -MinHitDownloads = 1 -MaxNbOfPageShown = 10 -MinHitFile = 1 -MaxNbOfOsShown = 10 -MinHitOs = 1 -MaxNbOfBrowsersShown = 10 -MinHitBrowser = 1 -MaxNbOfScreenSizesShown = 5 -MinHitScreenSize = 1 -MaxNbOfWindowSizesShown = 5 -MinHitWindowSize = 1 -MaxNbOfRefererShown = 10 -MinHitRefer = 1 -MaxNbOfKeyphrasesShown = 10 -MinHitKeyphrase = 1 -MaxNbOfKeywordsShown = 10 -MinHitKeyword = 1 -MaxNbOfEMailsShown = 20 -MinHitEMail = 1 -FirstDayOfWeek=0 -ShowFlagLinks="" -ShowLinksOnUrl=1 -UseHTTPSLinkForUrl="" -MaxLengthOfShownURL=64 -HTMLHeadSection="" -HTMLEndSection="" -MetaRobot=0 -Logo="awstats_logo6.png" -LogoLink="http://awstats.sourceforge.net" -BarWidth = 260 -BarHeight = 90 -StyleSheet="" -ExtraTrackedRowsLimit=500 diff --git a/install/debian/13/templates/web/awstats/index.tpl b/install/debian/13/templates/web/awstats/index.tpl deleted file mode 100644 index 9df9bb5c..00000000 --- a/install/debian/13/templates/web/awstats/index.tpl +++ /dev/null @@ -1,10 +0,0 @@ - - - - Awstats log analyzer - - - - - - diff --git a/install/debian/13/templates/web/awstats/nav.tpl b/install/debian/13/templates/web/awstats/nav.tpl deleted file mode 100644 index f29bed68..00000000 --- a/install/debian/13/templates/web/awstats/nav.tpl +++ /dev/null @@ -1,23 +0,0 @@ - - - Awstats navigation - - - - - - - - -
vesta
- -
-
- - diff --git a/install/debian/13/templates/web/nginx/caching.sh b/install/debian/13/templates/web/nginx/caching.sh deleted file mode 100644 index 09d8efe7..00000000 --- a/install/debian/13/templates/web/nginx/caching.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -user=$1 -domain=$2 -ip=$3 -home=$4 -docroot=$5 - -str="proxy_cache_path /var/cache/nginx/$domain levels=2" -str="$str keys_zone=$domain:10m inactive=60m max_size=512m;" -conf='/etc/nginx/conf.d/01_caching_pool.conf' -if [ -e "$conf" ]; then - if [ -z "$(grep "=${domain}:" $conf)" ]; then - echo "$str" >> $conf - fi -else - echo "$str" >> $conf -fi - diff --git a/install/debian/13/templates/web/nginx/caching.stpl b/install/debian/13/templates/web/nginx/caching.stpl deleted file mode 100644 index f5c9740f..00000000 --- a/install/debian/13/templates/web/nginx/caching.stpl +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - - proxy_cache cache; - proxy_cache_valid 15m; - proxy_cache_valid 404 1m; - proxy_no_cache $no_cache; - proxy_cache_bypass $no_cache; - proxy_cache_bypass $cookie_session $http_x_update; - - location ~* ^.+\.(%proxy_extentions%)$ { - proxy_cache off; - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/caching.tpl b/install/debian/13/templates/web/nginx/caching.tpl deleted file mode 100644 index 73de28d5..00000000 --- a/install/debian/13/templates/web/nginx/caching.tpl +++ /dev/null @@ -1,42 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - - proxy_cache cache; - proxy_cache_valid 15m; - proxy_cache_valid 404 1m; - proxy_no_cache $no_cache; - proxy_cache_bypass $no_cache; - proxy_cache_bypass $cookie_session $http_x_update; - - location ~* ^.+\.(%proxy_extentions%)$ { - proxy_cache off; - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.stpl b/install/debian/13/templates/web/nginx/force-https-legacy.stpl deleted file mode 100644 index 8e636db3..00000000 --- a/install/debian/13/templates/web/nginx/force-https-legacy.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/force-https-legacy.tpl b/install/debian/13/templates/web/nginx/force-https-legacy.tpl deleted file mode 100644 index 5a463370..00000000 --- a/install/debian/13/templates/web/nginx/force-https-legacy.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/install/debian/13/templates/web/nginx/force-https-public.stpl b/install/debian/13/templates/web/nginx/force-https-public.stpl deleted file mode 100644 index a7609b13..00000000 --- a/install/debian/13/templates/web/nginx/force-https-public.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%/public; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%/public; - - include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/force-https-public.tpl b/install/debian/13/templates/web/nginx/force-https-public.tpl deleted file mode 100644 index 5a463370..00000000 --- a/install/debian/13/templates/web/nginx/force-https-public.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl deleted file mode 100644 index 2db9a06e..00000000 --- a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.stpl +++ /dev/null @@ -1,64 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /webmail { - disable_symlinks off; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /var/lib/roundcube; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /phpmyadmin { - disable_symlinks off; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /usr/share; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl deleted file mode 100644 index 5a463370..00000000 --- a/install/debian/13/templates/web/nginx/force-https-webmail-phpmyadmin.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/install/debian/13/templates/web/nginx/force-https.stpl b/install/debian/13/templates/web/nginx/force-https.stpl deleted file mode 100644 index 55f41002..00000000 --- a/install/debian/13/templates/web/nginx/force-https.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/force-https.tpl b/install/debian/13/templates/web/nginx/force-https.tpl deleted file mode 100644 index 5a463370..00000000 --- a/install/debian/13/templates/web/nginx/force-https.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.sh b/install/debian/13/templates/web/nginx/hosting-legacy.sh deleted file mode 100644 index eeed37ef..00000000 --- a/install/debian/13/templates/web/nginx/hosting-legacy.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.stpl b/install/debian/13/templates/web/nginx/hosting-legacy.stpl deleted file mode 100644 index efdd3b87..00000000 --- a/install/debian/13/templates/web/nginx/hosting-legacy.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting-legacy.tpl b/install/debian/13/templates/web/nginx/hosting-legacy.tpl deleted file mode 100644 index a41d4054..00000000 --- a/install/debian/13/templates/web/nginx/hosting-legacy.tpl +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting-public.stpl b/install/debian/13/templates/web/nginx/hosting-public.stpl deleted file mode 100644 index a7609b13..00000000 --- a/install/debian/13/templates/web/nginx/hosting-public.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%/public; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%/public; - - include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting-public.tpl b/install/debian/13/templates/web/nginx/hosting-public.tpl deleted file mode 100644 index f5d8b327..00000000 --- a/install/debian/13/templates/web/nginx/hosting-public.tpl +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%/public; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%/public; - - include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl deleted file mode 100644 index 2db9a06e..00000000 --- a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.stpl +++ /dev/null @@ -1,64 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /webmail { - disable_symlinks off; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /var/lib/roundcube; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /phpmyadmin { - disable_symlinks off; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /usr/share; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl b/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl deleted file mode 100644 index f84f4781..00000000 --- a/install/debian/13/templates/web/nginx/hosting-webmail-phpmyadmin.tpl +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /webmail { - disable_symlinks off; - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /var/lib/roundcube; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /phpmyadmin { - disable_symlinks off; - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root /usr/share; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting.sh b/install/debian/13/templates/web/nginx/hosting.sh deleted file mode 100644 index eeed37ef..00000000 --- a/install/debian/13/templates/web/nginx/hosting.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 diff --git a/install/debian/13/templates/web/nginx/hosting.stpl b/install/debian/13/templates/web/nginx/hosting.stpl deleted file mode 100644 index 5745311e..00000000 --- a/install/debian/13/templates/web/nginx/hosting.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/hosting.tpl b/install/debian/13/templates/web/nginx/hosting.tpl deleted file mode 100644 index 61469ad2..00000000 --- a/install/debian/13/templates/web/nginx/hosting.tpl +++ /dev/null @@ -1,36 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl deleted file mode 100644 index cf8fad56..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.stpl +++ /dev/null @@ -1,55 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ /index.php?page=$request_uri; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl b/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl deleted file mode 100644 index f9e90393..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/cms_made_simple.tpl +++ /dev/null @@ -1,52 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - try_files $uri $uri/ /index.php?page=$request_uri; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl deleted file mode 100644 index 5931f617..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.stpl +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location = /index.php { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location ~ \.php$ { - return 444; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl deleted file mode 100644 index d2422be2..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/codeigniter2.tpl +++ /dev/null @@ -1,57 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location = /index.php { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME /var/www/html/ci$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location ~ \.php$ { - return 444; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl deleted file mode 100644 index 3c2793d1..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.stpl +++ /dev/null @@ -1,55 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl b/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl deleted file mode 100644 index 54f81b99..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/codeigniter3.tpl +++ /dev/null @@ -1,52 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl deleted file mode 100644 index bb9a727b..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.stpl +++ /dev/null @@ -1,126 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; - - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; - - rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; - rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; - rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; - rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; - - rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; - rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; - rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; - rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; - - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; - - rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; - rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; - - rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; - rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; - - rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; - rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; - - rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; - rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; - - rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; - rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; - rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; - rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; - rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; - rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; - - rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; - rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; - - rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; - rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; - rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; - - rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; - rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; - - rewrite "^/favorites(/?)+$" /index.php?do=favorites last; - rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; - - rewrite "^/rules.html$" /index.php?do=rules last; - rewrite "^/statistics.html$" /index.php?do=stats last; - rewrite "^/addnews.html$" /index.php?do=addnews last; - rewrite "^/rss.xml$" /engine/rss.php last; - rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; - - if (!-d $request_filename) { - rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; - rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; - } - - if (!-f $request_filename) { - rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; - rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; - rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; - } - - if (!-f $request_filename) { - rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl b/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl deleted file mode 100644 index 3ea45347..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/datalife_engine.tpl +++ /dev/null @@ -1,123 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last; - - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html(/?)+$" /engine/print.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html(/?)+$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last; - - rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last; - rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last; - rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$2&newsid=$3&seourl=$4&seocat=$1 last; - rewrite "^/([^.]+)/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&seourl=$3&seocat=$1 last; - - rewrite "^/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$3&news_page=$1&cstart=$2&seourl=$4 last; - rewrite "^/page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$2&news_page=$1&seourl=$3 last; - rewrite "^/print:page,([0-9]+),([0-9]+)-(.*).html(/?)+$" /engine/print.php?news_page=$1&newsid=$2&seourl=$3 last; - rewrite "^/([0-9]+)-(.*).html(/?)+$" /index.php?newsid=$1&seourl=$2 last; - - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2&day=$3 last; - rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&day=$3&cstart=$4 last; - - rewrite "^/([0-9]{4})/([0-9]{2})(/?)+$" /index.php?year=$1&month=$2 last; - rewrite "^/([0-9]{4})/([0-9]{2})/page/([0-9]+)(/?)+$" /index.php?year=$1&month=$2&cstart=$3 last; - - rewrite "^/([0-9]{4})(/?)+$" /index.php?year=$1 last; - rewrite "^/([0-9]{4})/page/([0-9]+)(/?)+$" /index.php?year=$1&cstart=$2 last; - - rewrite "^/tags/([^/]*)(/?)+$" /index.php?do=tags&tag=$1 last; - rewrite "^/tags/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=tags&tag=$1&cstart=$2 last; - - rewrite "^/xfsearch/([^/]*)(/?)+$" /index.php?do=xfsearch&xf=$1 last; - rewrite "^/xfsearch/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=xfsearch&xf=$1&cstart=$2 last; - - rewrite "^/user/([^/]*)/rss.xml$" /engine/rss.php?subaction=allnews&user=$1 last; - rewrite "^/user/([^/]*)(/?)+$" /index.php?subaction=userinfo&user=$1 last; - rewrite "^/user/([^/]*)/page/([0-9]+)(/?)+$" /index.php?subaction=userinfo&user=$1&cstart=$2 last; - rewrite "^/user/([^/]*)/news(/?)+$" /index.php?subaction=allnews&user=$1 last; - rewrite "^/user/([^/]*)/news/page/([0-9]+)(/?)+$" /index.php?subaction=allnews&user=$1&cstart=$2 last; - rewrite "^/user/([^/]*)/news/rss.xml(/?)+$" /engine/rss.php?subaction=allnews&user=$1 last; - - rewrite "^/lastnews(/?)+$" /index.php?do=lastnews last; - rewrite "^/lastnews/page/([0-9]+)(/?)+$" /index.php?do=lastnews&cstart=$1 last; - - rewrite "^/catalog/([^/]*)/rss.xml$" /engine/rss.php?catalog=$1 last; - rewrite "^/catalog/([^/]*)(/?)+$" /index.php?catalog=$1 last; - rewrite "^/catalog/([^/]*)/page/([0-9]+)(/?)+$" /index.php?catalog=$1&cstart=$2 last; - - rewrite "^/newposts(/?)+$" /index.php?subaction=newposts last; - rewrite "^/newposts/page/([0-9]+)(/?)+$" /index.php?subaction=newposts&cstart=$1 last; - - rewrite "^/favorites(/?)+$" /index.php?do=favorites last; - rewrite "^/favorites/page/([0-9]+)(/?)+$" /index.php?do=favorites&cstart=$1 last; - - rewrite "^/rules.html$" /index.php?do=rules last; - rewrite "^/statistics.html$" /index.php?do=stats last; - rewrite "^/addnews.html$" /index.php?do=addnews last; - rewrite "^/rss.xml$" /engine/rss.php last; - rewrite "^/sitemap.xml$" /uploads/sitemap.xml last; - - if (!-d $request_filename) { - rewrite "^/([^.]+)/page/([0-9]+)(/?)+$" /index.php?do=cat&category=$1&cstart=$2 last; - rewrite "^/([^.]+)/?$" /index.php?do=cat&category=$1 last; - } - - if (!-f $request_filename) { - rewrite "^/([^.]+)/rss.xml$" /engine/rss.php?do=cat&category=$1 last; - rewrite "^/page,([0-9]+),([^/]+).html$" /index.php?do=static&page=$2&news_page=$1 last; - rewrite "^/print:([^/]+).html$" /engine/print.php?do=static&page=$1 last; - } - - if (!-f $request_filename) { - rewrite "^/([^/]+).html$" /index.php?do=static&page=$1 last; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.stpl b/install/debian/13/templates/web/nginx/php-fpm/default.stpl deleted file mode 100644 index f9c01e40..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/default.stpl +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/default.tpl b/install/debian/13/templates/web/nginx/php-fpm/default.tpl deleted file mode 100644 index a8909efb..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/default.tpl +++ /dev/null @@ -1,51 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl deleted file mode 100644 index a7564705..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.stpl +++ /dev/null @@ -1,71 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - index doku.php; - try_files $uri $uri/ @dokuwiki; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location ~ ^/lib.*\.(gif|png|ico|jpg)$ { - expires 30d; - } - - location ^~ /conf/ { return 403; } - location ^~ /data/ { return 403; } - - location @dokuwiki { - rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; - rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; - rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; - rewrite ^/(.*) /doku.php?id=$1 last; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl b/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl deleted file mode 100644 index 0a9a75ed..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/dokuwiki.tpl +++ /dev/null @@ -1,67 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - index doku.php; - try_files $uri $uri/ @dokuwiki; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location ~ ^/lib.*\.(gif|png|ico|jpg)$ { - expires 30d; - } - - location ^~ /conf/ { return 403; } - location ^~ /data/ { return 403; } - location @dokuwiki { - rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last; - rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last; - rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last; - rewrite ^/(.*) /doku.php?id=$1 last; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl deleted file mode 100644 index 6e67a4e0..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal6.stpl +++ /dev/null @@ -1,94 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl deleted file mode 100644 index d1096bff..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal6.tpl +++ /dev/null @@ -1,91 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri @rewrite; - } - - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ ^/sites/.*/files/imagecache/ { - try_files $uri @rewrite; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl deleted file mode 100644 index 32f01a6f..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal7.stpl +++ /dev/null @@ -1,94 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl deleted file mode 100644 index c9729795..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal7.tpl +++ /dev/null @@ -1,91 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl deleted file mode 100644 index 32f01a6f..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal8.stpl +++ /dev/null @@ -1,94 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl b/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl deleted file mode 100644 index c9729795..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/drupal8.tpl +++ /dev/null @@ -1,91 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - location ~ ^/sites/.*/private/ { - return 403; - } - - location ~ ^/sites/[^/]+/files/.*\.php$ { - deny all; - } - - location / { - try_files $uri /index.php?$query_string; - } - - location ~ /vendor/.*\.php$ { - deny all; - return 404; - } - - location ~ ^/sites/.*/files/styles/ { - try_files $uri @rewrite; - } - - location ~ ^(/[a-z\-]+)?/system/files/ { - try_files $uri /index.php?$query_string; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { - try_files $uri @rewrite; - expires max; - log_not_found off; - } - - location ~ '\.php$|^/update.php' { - fastcgi_split_path_info ^(.+?\.php)(|/.*)$; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl deleted file mode 100644 index d4f96ee3..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/joomla.stpl +++ /dev/null @@ -1,62 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ /index.php?$args; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl b/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl deleted file mode 100644 index 91b7a8f1..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/joomla.tpl +++ /dev/null @@ -1,59 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - try_files $uri $uri/ /index.php?$args; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - # deny running scripts inside writable directories - location ~* /(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ { - return 403; - error_page 403 /403_error.html; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl deleted file mode 100644 index db0b4dde..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/laravel.stpl +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%/public; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ /index.php?$query_string; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl b/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl deleted file mode 100644 index d14b0173..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/laravel.tpl +++ /dev/null @@ -1,50 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%/public; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - location / { - try_files $uri $uri/ /index.php?$query_string; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl b/install/debian/13/templates/web/nginx/php-fpm/magento.stpl deleted file mode 100644 index f8ac30c9..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/magento.stpl +++ /dev/null @@ -1,197 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - - root %sdocroot%/pub; - index index.php; - autoindex off; - charset UTF-8; - error_page 404 403 = /errors/404.php; - add_header "X-UA-Compatible" "IE=Edge"; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - # PHP entry point for setup application - location ~* ^/setup($|/) { - root %sdocroot%; - - location ~ ^/setup/index.php { - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - - location ~ ^/setup/(?!pub/). { - deny all; - } - - location ~ ^/setup/pub/ { - add_header X-Frame-Options "SAMEORIGIN"; - } - } - - # PHP entry point for update application - location ~* ^/update($|/) { - root %sdocroot%; - - location ~ ^/update/index.php { - fastcgi_split_path_info ^(/update/index.php)(/.+)$; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - include /etc/nginx/fastcgi_params; - } - - # Deny everything but index.php - location ~ ^/update/(?!pub/). { - deny all; - } - - location ~ ^/update/pub/ { - add_header X-Frame-Options "SAMEORIGIN"; - } - } - - location / { - try_files $uri $uri/ /index.php?$args; - } - - location /pub/ { - location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { - deny all; - } - - alias %sdocroot%/pub/; - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /static/ { - # Uncomment the following line in production mode - # expires max; - - # Remove signature of the static files that is used to overcome the browser cache - location ~ ^/static/version { - rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; - } - - location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { - add_header Cache-Control "public"; - add_header X-Frame-Options "SAMEORIGIN"; - expires +1y; - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - } - - location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { - add_header Cache-Control "no-store"; - add_header X-Frame-Options "SAMEORIGIN"; - expires off; - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - } - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /media/ { - try_files $uri $uri/ /get.php?$args; - - location ~ ^/media/theme_customization/.*\.xml { - deny all; - } - - location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { - add_header Cache-Control "public"; - add_header X-Frame-Options "SAMEORIGIN"; - expires +1y; - try_files $uri $uri/ /get.php?$args; - } - - location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { - add_header Cache-Control "no-store"; - add_header X-Frame-Options "SAMEORIGIN"; - expires off; - try_files $uri $uri/ /get.php?$args; - } - - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /media/customer/ { - deny all; - } - - location /media/downloadable/ { - deny all; - } - - location /media/import/ { - deny all; - } - - # PHP entry point for main application - location ~ (index|get|static|report|404|503)\.php$ { - try_files $uri =404; - - fastcgi_pass %backend_lsnr%; - fastcgi_buffers 1024 4k; - fastcgi_read_timeout 600s; - fastcgi_connect_timeout 600s; - - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - - gzip on; - gzip_disable "msie6"; - - gzip_comp_level 6; - gzip_min_length 1100; - gzip_buffers 16 8k; - gzip_proxied any; - gzip_types - text/plain - text/css - text/js - text/xml - text/javascript - application/javascript - application/x-javascript - application/json - application/xml - application/xml+rss - image/svg+xml; - gzip_vary on; - - # Banned locations (only reached if the earlier PHP entry point regexes don't match) - location ~* (\.php$|\.htaccess$|\.git) { - deny all; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl b/install/debian/13/templates/web/nginx/php-fpm/magento.tpl deleted file mode 100644 index 3f292fff..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/magento.tpl +++ /dev/null @@ -1,194 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - - root %docroot%/pub; - index index.php; - autoindex off; - charset UTF-8; - error_page 404 403 = /errors/404.php; - add_header "X-UA-Compatible" "IE=Edge"; - - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - # PHP entry point for setup application - location ~* ^/setup($|/) { - root %docroot%; - - location ~ ^/setup/index.php { - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - - location ~ ^/setup/(?!pub/). { - deny all; - } - - location ~ ^/setup/pub/ { - add_header X-Frame-Options "SAMEORIGIN"; - } - } - - # PHP entry point for update application - location ~* ^/update($|/) { - root %docroot%; - - location ~ ^/update/index.php { - fastcgi_split_path_info ^(/update/index.php)(/.+)$; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - include /etc/nginx/fastcgi_params; - } - - # Deny everything but index.php - location ~ ^/update/(?!pub/). { - deny all; - } - - location ~ ^/update/pub/ { - add_header X-Frame-Options "SAMEORIGIN"; - } - } - - location / { - try_files $uri $uri/ /index.php?$args; - } - - location /pub/ { - location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { - deny all; - } - - alias %docroot%/pub/; - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /static/ { - # Uncomment the following line in production mode - # expires max; - - # Remove signature of the static files that is used to overcome the browser cache - location ~ ^/static/version { - rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; - } - - location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { - add_header Cache-Control "public"; - add_header X-Frame-Options "SAMEORIGIN"; - expires +1y; - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - } - - location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { - add_header Cache-Control "no-store"; - add_header X-Frame-Options "SAMEORIGIN"; - expires off; - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - } - - if (!-f $request_filename) { - rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; - } - - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /media/ { - try_files $uri $uri/ /get.php?$args; - - location ~ ^/media/theme_customization/.*\.xml { - deny all; - } - - location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { - add_header Cache-Control "public"; - add_header X-Frame-Options "SAMEORIGIN"; - expires +1y; - try_files $uri $uri/ /get.php?$args; - } - - location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { - add_header Cache-Control "no-store"; - add_header X-Frame-Options "SAMEORIGIN"; - expires off; - try_files $uri $uri/ /get.php?$args; - } - - add_header X-Frame-Options "SAMEORIGIN"; - } - - location /media/customer/ { - deny all; - } - - location /media/downloadable/ { - deny all; - } - - location /media/import/ { - deny all; - } - - # PHP entry point for main application - location ~ (index|get|static|report|404|503)\.php$ { - try_files $uri =404; - - fastcgi_pass %backend_lsnr%; - fastcgi_buffers 1024 4k; - fastcgi_read_timeout 600s; - fastcgi_connect_timeout 600s; - - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - - gzip on; - gzip_disable "msie6"; - - gzip_comp_level 6; - gzip_min_length 1100; - gzip_buffers 16 8k; - gzip_proxied any; - gzip_types - text/plain - text/css - text/js - text/xml - text/javascript - application/javascript - application/x-javascript - application/json - application/xml - application/xml+rss - image/svg+xml; - gzip_vary on; - - # Banned locations (only reached if the earlier PHP entry point regexes don't match) - location ~* (\.php$|\.htaccess$|\.git) { - deny all; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl b/install/debian/13/templates/web/nginx/php-fpm/modx.stpl deleted file mode 100644 index 420aeb9e..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/modx.stpl +++ /dev/null @@ -1,68 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; -# if you need to rewrite www to non-www uncomment bellow -# if ($host != '%domain%' ) { -# rewrite ^/(.*)$ https://%domain%/$1 permanent; -# } - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - } - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ \.php$ { - try_files $uri =404; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl b/install/debian/13/templates/web/nginx/php-fpm/modx.tpl deleted file mode 100644 index 342d3ecf..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/modx.tpl +++ /dev/null @@ -1,65 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; -# if you need to rewrite www to non-www uncomment bellow -# if ($host != '%domain%' ) { -# rewrite ^/(.*)$ http://%domain%/$1 permanent; -# } - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ @rewrite; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - } - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1; - } - - location ~ \.php$ { - try_files $uri =404; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - include /etc/nginx/fastcgi_params; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl deleted file mode 100644 index 8594ec94..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/moodle.stpl +++ /dev/null @@ -1,89 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl b/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl deleted file mode 100644 index c20ba648..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/moodle.tpl +++ /dev/null @@ -1,87 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - rewrite ^/(.*\.php)(/)(.*)$ /$1?file=/$3 last; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - # Very rarely should these ever be accessed outside of your lan - location ~* \.(txt|log)$ { - allow 192.168.0.0/16; - deny all; - } - - location ~ \..*/.*\.php$ { - return 403; - } - - # No no for private - location ~ ^/sites/.*/private/ { - return 403; - } - - # Block access to "hidden" files and directories whose names begin with a - # period. This includes directories used by version control systems such - # as Subversion or Git to store control files. - location ~ (^|/)\. { - return 403; - } - - location / { - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $request_filename; - fastcgi_intercept_errors on; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl deleted file mode 100644 index 4bb50383..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/no-php.stpl +++ /dev/null @@ -1,46 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - types { - text/html html htm shtml php php5; - } - - location / { - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl b/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl deleted file mode 100644 index 7ff8aa1d..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/no-php.tpl +++ /dev/null @@ -1,43 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - types { - text/html html htm shtml php php5; - } - - location / { - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl deleted file mode 100644 index e28afcfc..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/odoo.stpl +++ /dev/null @@ -1,69 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - - proxy_connect_timeout 720; - proxy_send_timeout 720; - proxy_read_timeout 720; - send_timeout 720; - - # Allow "Well-Known URIs" as per RFC 5785 - location ~* ^/.well-known/ { - allow all; - } - - location / { - proxy_pass http://127.0.0.1:8069; - } - - location /longpolling { - proxy_pass http://127.0.0.1:8072; - } - - location ~* /web/static/ { - proxy_cache_valid 200 60m; - proxy_buffering on; - expires 864000; - proxy_pass http://127.0.0.1:8069; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl b/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl deleted file mode 100644 index b1240aae..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/odoo.tpl +++ /dev/null @@ -1,66 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - - proxy_connect_timeout 720; - proxy_send_timeout 720; - proxy_read_timeout 720; - send_timeout 720; - - # Allow "Well-Known URIs" as per RFC 5785 - location ~* ^/.well-known/ { - allow all; - } - - location / { - proxy_pass http://127.0.0.1:8069; - } - - location /longpolling { - proxy_pass http://127.0.0.1:8072; - } - - location ~* /web/static/ { - proxy_cache_valid 200 60m; - proxy_buffering on; - expires 864000; - proxy_pass http://127.0.0.1:8069; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl deleted file mode 100644 index 52706d21..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/opencart.stpl +++ /dev/null @@ -1,58 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - try_files $uri $uri/ @opencart; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - location @opencart { - rewrite ^/(.+)$ /index.php?_route_=$1 last; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl b/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl deleted file mode 100644 index d0a9060b..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/opencart.tpl +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - location / { - try_files $uri $uri/ @opencart; - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - location @opencart { - rewrite ^/(.+)$ /index.php?_route_=$1 last; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl deleted file mode 100644 index 1b803f97..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/owncloud.stpl +++ /dev/null @@ -1,84 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; - - error_page 403 = /core/templates/403.php; - error_page 404 = /core/templates/404.php; - - location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ - deny all; - } - - location / { - # The following 2 rules are only needed with webfinger - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - try_files $uri $uri/ /index.php; - - location ~ \.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - #fastcgi_param HTTPS on; - fastcgi_pass %backend_lsnr%; - } - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - # Some basic cache-control for static files to be sent to the browser - add_header Pragma public; - add_header Cache-Control "public, must-revalidate, proxy-revalidate"; - } - - #error_page 403 /error/404.html; - #error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl b/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl deleted file mode 100644 index e3ec31de..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/owncloud.tpl +++ /dev/null @@ -1,81 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; - rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; - rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; - - error_page 403 = /core/templates/403.php; - error_page 404 = /core/templates/404.php; - - location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ - deny all; - } - - location / { - # The following 2 rules are only needed with webfinger - rewrite ^/.well-known/host-meta /public.php?service=host-meta last; - rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; - rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; - rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; - rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; - try_files $uri $uri/ /index.php; - - location ~ \.php(?:$|/) { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $fastcgi_path_info; - #fastcgi_param HTTPS on; - fastcgi_pass %backend_lsnr%; - } - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - # Some basic cache-control for static files to be sent to the browser - add_header Pragma public; - add_header Cache-Control "public, must-revalidate, proxy-revalidate"; - } - - #error_page 403 /error/404.html; - #error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl deleted file mode 100644 index 1b299343..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/piwik.stpl +++ /dev/null @@ -1,72 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - try_files /favicon.ico =204; - } - - location / { - try_files $uri /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - valid_referers none blocked %domain_idn% %alias_idn%; - if ($invalid_referer) { - return 444; - } - expires max; - } - - location ~* ^/(?:index|piwik)\.php$ { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - } - - # Any other attempt to access PHP files returns a 404. - location ~* ^.+\.php$ { - return 404; - } - - # Return a 404 for all text files. - location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { - return 404; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl b/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl deleted file mode 100644 index f94fb7de..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/piwik.tpl +++ /dev/null @@ -1,69 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - try_files /favicon.ico =204; - } - - location / { - try_files $uri /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - valid_referers none blocked %domain_idn% %alias_idn%; - if ($invalid_referer) { - return 444; - } - expires max; - } - - location ~* ^/(?:index|piwik)\.php$ { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - include /etc/nginx/fastcgi_params; - } - } - - # Any other attempt to access PHP files returns a 404. - location ~* ^.+\.php$ { - return 404; - } - - # Return a 404 for all text files. - location ~* ^/(?:README|LICENSE[^.]*|LEGALNOTICE)(?:\.txt)*$ { - return 404; - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl deleted file mode 100644 index d26ed9f4..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.stpl +++ /dev/null @@ -1,65 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%/public; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location /installer { - try_files $uri $uri/ /installer/index.php?$query_string; - } - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location = /robots.txt { access_log off; log_not_found off; } - location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\.ht { access_log off; log_not_found off; deny all; } - location ~ ~$ { access_log off; log_not_found off; deny all; } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl b/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl deleted file mode 100644 index b92861b0..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/pyrocms.tpl +++ /dev/null @@ -1,62 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%/public; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location /installer { - try_files $uri $uri/ /installer/index.php?$query_string; - } - - location / { - try_files $uri $uri/ /index.php; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; - } - } - - location = /robots.txt { access_log off; log_not_found off; } - location = /favicon.ico { access_log off; log_not_found off; } - location ~ /\.ht { access_log off; log_not_found off; deny all; } - location ~ ~$ { access_log off; log_not_found off; deny all; } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl deleted file mode 100644 index 0b351000..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/sendy.stpl +++ /dev/null @@ -1,88 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { - deny all; - } - - location ~ /(readme.html|license.txt) { - deny all; - } - - if (!-f $request_filename){ - rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; - } - - location / { - try_files $uri $uri/ /index.php?$args; - location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { - expires 1d; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - try_files $uri =404; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - - location /l/ { - rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; - } - - location /t/ { - rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; - } - - location /w/ { - rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; - } - - location /unsubscribe/ { - rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; - } - - location /subscribe/ { - rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/web/%domain%/stats/auth.conf*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl b/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl deleted file mode 100644 index b27b427d..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/sendy.tpl +++ /dev/null @@ -1,86 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location ~* "/\.(htaccess|htpasswd|git|svn|DS_Store)$" { - deny all; - } - - location ~ /(readme.html|license.txt) { - deny all; - } - - if (!-f $request_filename){ - rewrite ^/([a-zA-Z0-9-]+)$ /$1.php last; - } - - location / { - try_files $uri $uri/ /index.php?$args; - location ~* ^.+\.(ogg|ogv|svg|svgz|swf|eot|otf|woff|mov|mp3|mp4|webm|flv|ttf|rss|atom|jpg|jpeg|gif|png|ico|bmp|mid|midi|wav|rtf|css|js|jar|pdf)$ { - expires 1d; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - try_files $uri =404; - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - - location /l/ { - rewrite ^/l/([a-zA-Z0-9/]+)$ /l.php?i=$1 last; - } - - location /t/ { - rewrite ^/t/([a-zA-Z0-9/]+)$ /t.php?i=$1 last; - } - - location /w/ { - rewrite ^/w/([a-zA-Z0-9/]+)$ /w.php?i=$1 last; - } - - location /unsubscribe/ { - rewrite ^/unsubscribe/(.*)$ /unsubscribe.php?i=$1 last; - } - - location /subscribe/ { - rewrite ^/subscribe/(.*)$ /subscribe.php?i=$1 last; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/web/%domain%/stats/auth.conf*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl deleted file mode 100644 index f9c01e40..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress.stpl +++ /dev/null @@ -1,54 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location / { - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl deleted file mode 100644 index a8909efb..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress.tpl +++ /dev/null @@ -1,51 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location / { - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl deleted file mode 100644 index 01dfee5b..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.stpl +++ /dev/null @@ -1,66 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /index.php?$args; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl deleted file mode 100644 index bccb8b3d..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress2.tpl +++ /dev/null @@ -1,63 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /index.php?$args; - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/conf/web/%domain%.auth*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl deleted file mode 100644 index a5fc46fb..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.stpl +++ /dev/null @@ -1,71 +0,0 @@ -server { - listen %ip%:%web_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /index.php?$args; - - if (!-e $request_filename) - { - rewrite ^(.+)$ /index.php?q=$1 last; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/web/%domain%/stats/auth.conf*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl b/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl deleted file mode 100644 index 39e366b7..00000000 --- a/install/debian/13/templates/web/nginx/php-fpm/wordpress2_rewrite.tpl +++ /dev/null @@ -1,67 +0,0 @@ -server { - listen %ip%:%web_port%; - server_name %domain_idn% %alias_idn%; - root %docroot%; - index index.php index.html index.htm; - access_log /var/log/nginx/domains/%domain%.log combined; - access_log /var/log/nginx/domains/%domain%.bytes bytes; - error_log /var/log/nginx/domains/%domain%.error.log error; - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - try_files $uri $uri/ /index.php?$args; - - if (!-e $request_filename) - { - rewrite ^(.+)$ /index.php?q=$1 last; - } - - location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js)$ { - expires max; - } - - location ~ [^/]\.php(/|$) { - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - if (!-f $document_root$fastcgi_script_name) { - return 404; - } - - fastcgi_pass %backend_lsnr%; - fastcgi_index index.php; - include /etc/nginx/fastcgi_params; - } - } - - error_page 403 /error/404.html; - error_page 404 /error/404.html; - error_page 500 502 503 504 /error/50x.html; - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location ~* "/\.(htaccess|htpasswd)$" { - deny all; - return 404; - } - - location /vstats/ { - alias %home%/%user%/web/%domain%/stats/; - include %home%/%user%/web/%domain%/stats/auth.conf*; - } - - include /etc/nginx/conf.d/phpmyadmin.inc*; - include /etc/nginx/conf.d/phppgadmin.inc*; - include /etc/nginx/conf.d/webmail.inc*; - - include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/private-force-https.stpl b/install/debian/13/templates/web/nginx/private-force-https.stpl deleted file mode 100644 index bf805683..00000000 --- a/install/debian/13/templates/web/nginx/private-force-https.stpl +++ /dev/null @@ -1,40 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - auth_basic "Restricted area"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/install/debian/13/templates/web/nginx/private-force-https.tpl b/install/debian/13/templates/web/nginx/private-force-https.tpl deleted file mode 100644 index 5a463370..00000000 --- a/install/debian/13/templates/web/nginx/private-force-https.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/install/debian/13/templates/web/nginx/private-hosting.sh b/install/debian/13/templates/web/nginx/private-hosting.sh deleted file mode 100644 index eeed37ef..00000000 --- a/install/debian/13/templates/web/nginx/private-hosting.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Changing public_html permission -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -chmod 755 $docroot - -exit 0 diff --git a/install/debian/13/templates/web/nginx/private-hosting.stpl b/install/debian/13/templates/web/nginx/private-hosting.stpl deleted file mode 100644 index 8e5b3f7b..00000000 --- a/install/debian/13/templates/web/nginx/private-hosting.stpl +++ /dev/null @@ -1,42 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - auth_basic "Restricted area"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass https://%ip%:%web_ssl_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain_idn%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/private-hosting.tpl b/install/debian/13/templates/web/nginx/private-hosting.tpl deleted file mode 100644 index a8ee840e..00000000 --- a/install/debian/13/templates/web/nginx/private-hosting.tpl +++ /dev/null @@ -1,38 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - auth_basic "Restricted area"; - auth_basic_user_file /etc/nginx/.htpasswd; - proxy_pass http://%ip%:%web_port%; - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain_idn%.conf*; -} - diff --git a/install/debian/13/templates/web/nginx/proxy_ip.tpl b/install/debian/13/templates/web/nginx/proxy_ip.tpl deleted file mode 100644 index ae195617..00000000 --- a/install/debian/13/templates/web/nginx/proxy_ip.tpl +++ /dev/null @@ -1,9 +0,0 @@ -server { - listen %ip%:%proxy_port% default; - server_name _; - #access_log /var/log/nginx/%ip%.log main; - location / { - proxy_pass http://%ip%:%web_port%; - } -} - diff --git a/install/debian/13/templates/web/php-fpm/default.tpl b/install/debian/13/templates/web/php-fpm/default.tpl deleted file mode 100644 index 209e1e43..00000000 --- a/install/debian/13/templates/web/php-fpm/default.tpl +++ /dev/null @@ -1,21 +0,0 @@ -[%backend%] -listen = 127.0.0.1:%backend_port% -listen.allowed_clients = 127.0.0.1 - -user = %user% -group = %user% - -pm = ondemand -pm.max_children = 4 -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/%user%/tmp -php_admin_value[session.save_path] = /home/%user%/tmp - -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/%user%/tmp -env[TMPDIR] = /home/%user%/tmp -env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/no-php.tpl b/install/debian/13/templates/web/php-fpm/no-php.tpl deleted file mode 100644 index 047c33ed..00000000 --- a/install/debian/13/templates/web/php-fpm/no-php.tpl +++ /dev/null @@ -1,20 +0,0 @@ -;[%backend%] -;listen = /dev/null - -;user = %user% -;group = %user% - -;listen.owner = %user% -;listen.group = www-data - -;pm = ondemand -;pm.max_children = 4 -;pm.max_requests = 4000 -;pm.process_idle_timeout = 10s -;pm.status_path = /status - -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /home/%user%/tmp -;env[TMPDIR] = /home/%user%/tmp -;env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/php-fpm/socket.tpl b/install/debian/13/templates/web/php-fpm/socket.tpl deleted file mode 100644 index a0151084..00000000 --- a/install/debian/13/templates/web/php-fpm/socket.tpl +++ /dev/null @@ -1,24 +0,0 @@ -[%backend%] -listen = /var/run/php/%backend%.sock -listen.allowed_clients = 127.0.0.1 - -user = %user% -group = %user% - -listen.owner = %user% -listen.group = www-data - -pm = ondemand -pm.max_children = 4 -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/%user%/tmp -php_admin_value[session.save_path] = /home/%user%/tmp - -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/%user%/tmp -env[TMPDIR] = /home/%user%/tmp -env[TEMP] = /home/%user%/tmp diff --git a/install/debian/13/templates/web/skel/document_errors/403.html b/install/debian/13/templates/web/skel/document_errors/403.html deleted file mode 100644 index 9c3f6baa..00000000 --- a/install/debian/13/templates/web/skel/document_errors/403.html +++ /dev/null @@ -1,29 +0,0 @@ - - - 403 — Forbidden - - - - - - -

%domain%

- -

403

-

Forbidden

-
- Unfortunately, you do not have permission to view this -
- - - diff --git a/install/debian/13/templates/web/skel/document_errors/404.html b/install/debian/13/templates/web/skel/document_errors/404.html deleted file mode 100644 index 2cee7708..00000000 --- a/install/debian/13/templates/web/skel/document_errors/404.html +++ /dev/null @@ -1,28 +0,0 @@ - - - 404 — Not Found - - - - - - -

%domain%

-

404

-

Page Not Found

-
- It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. - You can start again from the home or go back to previous page. -
- - diff --git a/install/debian/13/templates/web/skel/document_errors/50x.html b/install/debian/13/templates/web/skel/document_errors/50x.html deleted file mode 100644 index 85ba648b..00000000 --- a/install/debian/13/templates/web/skel/document_errors/50x.html +++ /dev/null @@ -1,29 +0,0 @@ - - - 500 — Internal Sever Error - - - - - - -

%domain%

- -

500

-

Internal Server Error

-
- Sorry, something went wrong :( -
- - - diff --git a/install/debian/13/templates/web/skel/public_html/index.html b/install/debian/13/templates/web/skel/public_html/index.html deleted file mode 100644 index c2895cf2..00000000 --- a/install/debian/13/templates/web/skel/public_html/index.html +++ /dev/null @@ -1,26 +0,0 @@ - - - %domain% — Coming Soon - - - - - - -

%domain%

- - - - - diff --git a/install/debian/13/templates/web/skel/public_html/robots.txt b/install/debian/13/templates/web/skel/public_html/robots.txt deleted file mode 100644 index 00ee83dc..00000000 --- a/install/debian/13/templates/web/skel/public_html/robots.txt +++ /dev/null @@ -1,3 +0,0 @@ -# vestacp autogenerated robots.txt -User-agent: * -Crawl-delay: 10 diff --git a/install/debian/13/templates/web/skel/public_shtml/index.html b/install/debian/13/templates/web/skel/public_shtml/index.html deleted file mode 100644 index c2895cf2..00000000 --- a/install/debian/13/templates/web/skel/public_shtml/index.html +++ /dev/null @@ -1,26 +0,0 @@ - - - %domain% — Coming Soon - - - - - - -

%domain%

- - - - - diff --git a/install/debian/13/templates/web/skel/public_shtml/robots.txt b/install/debian/13/templates/web/skel/public_shtml/robots.txt deleted file mode 100644 index 00ee83dc..00000000 --- a/install/debian/13/templates/web/skel/public_shtml/robots.txt +++ /dev/null @@ -1,3 +0,0 @@ -# vestacp autogenerated robots.txt -User-agent: * -Crawl-delay: 10 diff --git a/install/debian/13/templates/web/suspend/.htaccess b/install/debian/13/templates/web/suspend/.htaccess deleted file mode 100644 index 5a6df83f..00000000 --- a/install/debian/13/templates/web/suspend/.htaccess +++ /dev/null @@ -1,2 +0,0 @@ -ErrorDocument 403 /index.html -ErrorDocument 404 /index.html diff --git a/install/debian/13/templates/web/suspend/index.html b/install/debian/13/templates/web/suspend/index.html deleted file mode 100644 index 3815354d..00000000 --- a/install/debian/13/templates/web/suspend/index.html +++ /dev/null @@ -1,25 +0,0 @@ - - - Website Suspended - - - - - -

Temporary under construction

-

This website is temporary under construction.

-
- We will back again soon. -
- - diff --git a/install/debian/13/templates/web/webalizer/webalizer.tpl b/install/debian/13/templates/web/webalizer/webalizer.tpl deleted file mode 100644 index 068adcfb..00000000 --- a/install/debian/13/templates/web/webalizer/webalizer.tpl +++ /dev/null @@ -1,110 +0,0 @@ -HostName %domain_idn% -LogFile /var/log/%web_system%/domains/%domain%.log -OutputDir %home%/%user%/web/%domain%/stats -HistoryName %home%/%user%/web/%domain%/stats/%domain%.hist -Incremental yes -IncrementalName %home%/%user%/web/%domain%/stats/%domain%.current -PageType htm* -PageType cgi -PageType php -PageType shtml -DNSCache /var/lib/webalizer/dns_cache.db -DNSChildren 10 -Quiet yes -FoldSeqErr yes -IndexAlias index.php -HideURL *.gif -HideURL *.GIF -HideURL *.jpg -HideURL *.JPG -HideURL *.png -HideURL *.PNG -HideURL *.ra -SearchEngine abcsearch. terms= -SearchEngine alexa. q= -SearchEngine alltheweb. q= -SearchEngine alltheweb. query= -SearchEngine alot. q= -SearchEngine altavista. q= -SearchEngine aolsearch. query= -SearchEngine aport.ru r= -SearchEngine ask. q= -SearchEngine atlas.cz q= -SearchEngine bbc. q= -SearchEngine bing. q= -SearchEngine blingo. q= -SearchEngine blogs.yandex.ru text= -SearchEngine btopenworld query= -SearchEngine buscador.ya.com q= -SearchEngine busca. q= -SearchEngine business. query= -SearchEngine centrum.cz q= -SearchEngine chiff. q= -SearchEngine clusty. query= -SearchEngine comcast. q= -SearchEngine crawler. q= -SearchEngine cuil. q= -SearchEngine dmoz. search= -SearchEngine dogpile.com q= -SearchEngine dpxml qkw= -SearchEngine eureka. searchword= -SearchEngine euroseek. string= -SearchEngine exalead. q= -SearchEngine excite search= -SearchEngine ezilon. q= -SearchEngine fastbrowsersearch. q= -SearchEngine feedster.com q= -SearchEngine fireball.de q= -SearchEngine fireball. keyword= -SearchEngine freeserve. q= -SearchEngine gigablast. q= -SearchEngine gogo.ru q= -SearchEngine go.mail.ru q= -SearchEngine google. q= -SearchEngine hakia. q= -SearchEngine hotbot. query= -SearchEngine infoseek. qt= -SearchEngine iwon searchfor= -SearchEngine ixquick.com query= -SearchEngine joeant. keywords= -SearchEngine jyxo.cz s= -SearchEngine looksmart. key= -SearchEngine lycos. query= -SearchEngine mamma. q= -SearchEngine metacrawler q= -SearchEngine msn. MT= -SearchEngine msxml qkw= -SearchEngine mysearch. searchfor= -SearchEngine mywebsearch. searchfor= -SearchEngine netscape. q= -SearchEngine nigma.ru q= -SearchEngine northernlight. qr= -SearchEngine ntlworld. q= -SearchEngine orange. q= -SearchEngine overture. Keywords= -SearchEngine punto.ru text= -SearchEngine rambler. keyword= -SearchEngine search.aol. q= -SearchEngine search.babylon. q= -SearchEngine search.centrum. phrase= -SearchEngine search.conduit. q= -SearchEngine search.earthlink q= -SearchEngine search.icq. q= -SearchEngine search.live.com q= -SearchEngine search.rambler.ru words= -SearchEngine search.winamp. q= -SearchEngine searchy. q= -SearchEngine seznam.cz w= -SearchEngine snap. query= -SearchEngine teoma. q= -SearchEngine teradex.com q= -SearchEngine ukplus key= -SearchEngine verizon. q= -SearchEngine virginmedia. q= -SearchEngine voila. rdata= -SearchEngine webcrawler searchText= -SearchEngine web.search.naver. query= -SearchEngine wisenut q= -SearchEngine yahoo. p= -SearchEngine yandex. text= -SearchEngine yodao. q= diff --git a/install/debian/13/vsftpd/vsftpd.conf b/install/debian/13/vsftpd/vsftpd.conf deleted file mode 100644 index 1ca1a992..00000000 --- a/install/debian/13/vsftpd/vsftpd.conf +++ /dev/null @@ -1,26 +0,0 @@ -anonymous_enable=NO -local_enable=YES -write_enable=YES -local_umask=022 -anon_umask=022 -anon_upload_enable=NO -dirmessage_enable=YES -xferlog_enable=YES -connect_from_port_20=YES -xferlog_std_format=YES -dual_log_enable=YES -chroot_local_user=YES -listen=YES -pam_service_name=vsftpd -userlist_enable=NO -tcp_wrappers=YES -force_dot_files=YES -ascii_upload_enable=YES -ascii_download_enable=YES -#allow_writable_chroot=YES -allow_writeable_chroot=YES -seccomp_sandbox=NO -pasv_enable=YES -pasv_max_port=12100 -pasv_min_port=12000 -use_localtime=YES diff --git a/install/debian/8/exim/dnsbl.conf b/install/debian/8/exim/dnsbl.conf index 279bafcd..5166b255 100644 --- a/install/debian/8/exim/dnsbl.conf +++ b/install/debian/8/exim/dnsbl.conf @@ -1 +1,2 @@ bl.spamcop.net +zen.spamhaus.org diff --git a/install/debian/8/templates/web/awstats/awstats.tpl b/install/debian/8/templates/web/awstats/awstats.tpl index 6bb51c50..9a92e0fd 100755 --- a/install/debian/8/templates/web/awstats/awstats.tpl +++ b/install/debian/8/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" +SkipHosts="127.0.0.1 SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/debian/9/exim/dnsbl.conf b/install/debian/9/exim/dnsbl.conf index 279bafcd..5166b255 100644 --- a/install/debian/9/exim/dnsbl.conf +++ b/install/debian/9/exim/dnsbl.conf @@ -1 +1,2 @@ bl.spamcop.net +zen.spamhaus.org diff --git a/install/debian/9/templates/web/awstats/awstats.tpl b/install/debian/9/templates/web/awstats/awstats.tpl index 6bb51c50..9a92e0fd 100755 --- a/install/debian/9/templates/web/awstats/awstats.tpl +++ b/install/debian/9/templates/web/awstats/awstats.tpl @@ -24,7 +24,7 @@ PurgeLogFile=0 ArchiveLogRecords=0 KeepBackupOfHistoricFiles=1 DefaultFile="index.php index.html" -SkipHosts="127.0.0.1" +SkipHosts="127.0.0.1 SkipUserAgents="" SkipFiles="" SkipReferrersBlackList="" diff --git a/install/vst-install-debian.sh b/install/vst-install-debian.sh index 98887225..47e8ede0 100755 --- a/install/vst-install-debian.sh +++ b/install/vst-install-debian.sh @@ -20,26 +20,14 @@ codename="$(cat /etc/os-release |grep VERSION= |cut -f 2 -d \(|cut -f 1 -d \))" vestacp="$VESTA/install/$VERSION/$release" ARCH="amd64" -if [ "$release" -eq 13 ]; then +if [ "$release" -eq 12 ]; then software="nginx apache2 apache2-utils libapache2-mod-fcgid php-fpm php php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core roundcube-mysql roundcube-plugins mariadb-server mariadb-common - mariadb-client postgresql postgresql-contrib phpmyadmin mc - flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota - e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils - bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl - unrar-free vim-common net-tools unzip iptables xxd spamd" -elif [ "$release" -eq 12 ]; then - software="nginx apache2 apache2-utils - libapache2-mod-fcgid php-fpm php - php-common php-cgi php-mysql php-curl php-fpm php-pgsql awstats - vsftpd proftpd-basic bind9 exim4 exim4-daemon-heavy - clamav-daemon spamassassin dovecot-imapd dovecot-pop3d roundcube-core - roundcube-mysql roundcube-plugins mariadb-server mariadb-common - mariadb-client postgresql postgresql-contrib phpmyadmin mc + mariadb-client postgresql postgresql-contrib phppgadmin phpmyadmin mc flex whois git idn zip sudo bc ftp lsof ntpdate rrdtool quota e2fslibs bsdutils e2fsprogs curl imagemagick fail2ban dnsutils bsdmainutils cron vesta vesta-nginx vesta-php expect libmail-dkim-perl @@ -143,11 +131,7 @@ help() { # Defining password-gen function gen_pass() { MATRIX='0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' - if [ -z "$1" ]; then - LENGTH=32 - else - LENGTH=$1 - fi + LENGTH=32 while [ ${n:=1} -le $LENGTH ]; do PASS="$PASS${MATRIX:$(($RANDOM%${#MATRIX})):1}" let n+=1 @@ -503,16 +487,10 @@ echo -e "\n\n" # Asking for confirmation to proceed if [ "$interactive" = 'yes' ]; then - prompt_to_continue=1; - if [ ! -z "$email" ] && [ ! -z "$secret_url" ] && [ ! -z "$port" ] && [ ! -z "$servername" ]; then - prompt_to_continue=0; - fi - if [ $prompt_to_continue -eq 1 ]; then - read -p 'Would you like to continue [y/n]: ' answer - if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then - echo 'Goodbye' - exit 1 - fi + read -p 'Would you like to continue [y/n]: ' answer + if [ "$answer" != 'y' ] && [ "$answer" != 'Y' ]; then + echo 'Goodbye' + exit 1 fi # Asking for contact email @@ -771,37 +749,31 @@ if [ "$mysql" = 'no' ]; then fi if [ "$mysql8" = 'yes' ]; then echo "=== Preparing MySQL 8 apt repo" - if [ "$release" -lt 12 ]; then - software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') - software=$(echo "$software" | sed -e 's/exim4//') - #software="$software php-mysql roundcube-mysql" - echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list - echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list - echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list - echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list - echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list - - # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 - key="467B942D3A79BD29" - readonly key - GNUPGHOME="$(mktemp -d)" - export GNUPGHOME - for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) - do - gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break - done - gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg - gpgconf --kill all - rm -rf "${GNUPGHOME}" - unset GNUPGHOME - else - # check latest on: https://dev.mysql.com/downloads/repo/apt/ - wget https://dev.mysql.com/get/mysql-apt-config_0.8.34-1_all.deb - dpkg -i mysql-apt-config_0.8.34-1_all.deb - fi + software=$(echo "$software" | sed -e 's/exim4-daemon-heavy//') + software=$(echo "$software" | sed -e 's/exim4//') + #software="$software php-mysql roundcube-mysql" + echo "### THIS FILE IS AUTOMATICALLY CONFIGURED ###" > /etc/apt/sources.list.d/mysql.list + echo "# You may comment out entries below, but any other modifications may be lost." >> /etc/apt/sources.list.d/mysql.list + echo "# Use command 'dpkg-reconfigure mysql-apt-config' as root for modifications." >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-apt-config" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + echo "deb http://repo.mysql.com/apt/debian/ $codename mysql-tools" >> /etc/apt/sources.list.d/mysql.list + echo "#deb http://repo.mysql.com/apt/debian/ $codename mysql-tools-preview" >> /etc/apt/sources.list.d/mysql.list + echo "deb-src http://repo.mysql.com/apt/debian/ $codename mysql-8.0" >> /etc/apt/sources.list.d/mysql.list + + # apt-key adv --keyserver pgp.mit.edu --recv-keys 3A79BD29 + key="467B942D3A79BD29" + readonly key + GNUPGHOME="$(mktemp -d)" + export GNUPGHOME + for keyserver in $(shuf -e ha.pool.sks-keyservers.net hkp://p80.pool.sks-keyservers.net:80 keyserver.ubuntu.com hkp://keyserver.ubuntu.com:80) + do + gpg --keyserver "${keyserver}" --recv-keys "${key}" 2>&1 && break + done + gpg --export "${key}" > /etc/apt/trusted.gpg.d/mysql.gpg + gpgconf --kill all + rm -rf "${GNUPGHOME}" + unset GNUPGHOME mpass=$(gen_pass) debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $mpass" @@ -1095,22 +1067,6 @@ if [ "$release" -eq 12 ]; then ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.stpl ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-82.tpl fi -if [ "$release" -eq 13 ]; then - echo "== Symlink missing templates" - ln -s /usr/local/vesta/data/templates/web/nginx/hosting.sh /usr/local/vesta/data/templates/web/nginx/default.sh - ln -s /usr/local/vesta/data/templates/web/nginx/hosting.tpl /usr/local/vesta/data/templates/web/nginx/default.tpl - ln -s /usr/local/vesta/data/templates/web/nginx/hosting.stpl /usr/local/vesta/data/templates/web/nginx/default.stpl - - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/hosting.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/hosting.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/hosting.stpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh /usr/local/vesta/data/templates/web/apache2/default.sh - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl /usr/local/vesta/data/templates/web/apache2/default.tpl - ln -s /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl /usr/local/vesta/data/templates/web/apache2/default.stpl - - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.stpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.stpl - ln -s /usr/local/vesta/data/templates/web/nginx/php-fpm/default.tpl /usr/local/vesta/data/templates/web/nginx/php-fpm/PHP-FPM-84.tpl -fi echo "== Set nameservers address" sed -i "s/YOURHOSTNAME1/ns1.$servername/" /usr/local/vesta/data/packages/default.pkg @@ -1162,9 +1118,7 @@ if [ "$nginx" = 'yes' ]; then cp -f $vestacp/nginx/nginx.conf /etc/nginx/ cp -f $vestacp/nginx/status.conf /etc/nginx/conf.d/ cp -f $vestacp/nginx/phpmyadmin.inc /etc/nginx/conf.d/ - if [ "$release" -lt 12 ]; then - cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ - fi + cp -f $vestacp/nginx/phppgadmin.inc /etc/nginx/conf.d/ cp -f $vestacp/nginx/webmail.inc /etc/nginx/conf.d/ cp -f $vestacp/logrotate/nginx /etc/logrotate.d/ @@ -1173,13 +1127,6 @@ if [ "$nginx" = 'yes' ]; then echo > /etc/nginx/conf.d/vesta.conf mkdir -p /var/log/nginx/domains - - if [ "$apache" = 'yes' ]; then - # SSL fix for Apache 2.4.65+ - echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf - touch /usr/local/vesta/data/upgrades/fixssl.conf - fi - #update-rc.d nginx defaults #service nginx start currentservice='nginx' @@ -1235,13 +1182,7 @@ fi if [ "$phpfpm" = 'yes' ]; then echo "=== Configure PHP-FPM" - if [ "$release" -eq 13 ]; then - cp -f $vestacp/php-fpm/www.conf /etc/php/8.4/fpm/pool.d/www.conf - #update-rc.d php8.4-fpm defaults - currentservice='php8.4-fpm' - ensure_startup $currentservice - ensure_start $currentservice - elif [ "$release" -eq 12 ]; then + if [ "$release" -eq 12 ]; then cp -f $vestacp/php-fpm/www.conf /etc/php/8.2/fpm/pool.d/www.conf #update-rc.d php8.2-fpm defaults currentservice='php8.2-fpm' @@ -1423,9 +1364,6 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php - - # disable root login - echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi if [ "$release" -gt 10 ]; then echo "=== Configure phpMyAdmin (Debian11 custom part)" @@ -1443,9 +1381,6 @@ if [ "$mysql" = 'yes' ] || [ "$mysql8" = 'yes' ]; then bash /root/phpmyadmin/pma.sh blowfish=$(gen_pass) echo "\$cfg['blowfish_secret'] = '$blowfish';" >> /etc/phpmyadmin/config.inc.php - - # disable root login - echo "\$cfg['Servers'][\$i]['AllowRoot'] = FALSE;" >> /etc/phpmyadmin/config.inc.php fi fi @@ -1463,12 +1398,10 @@ if [ "$postgresql" = 'yes' ]; then sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '$ppass'" # Configuring phpPgAdmin - if [ "$release" -lt 12 ]; then - if [ "$apache" = 'yes' ]; then - cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ - fi - cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ + if [ "$apache" = 'yes' ]; then + cp -f $vestacp/pga/phppgadmin.conf /etc/apache2/conf.d/ fi + cp -f $vestacp/pga/config.inc.php /etc/phppgadmin/ fi @@ -1489,7 +1422,7 @@ if [ "$named" = 'yes' ]; then sed -i "s#/etc/bind/\*\* r,#/etc/bind/\*\* rw,\n /home/\*\* rwm,#g" /etc/apparmor.d/usr.sbin.named # service apparmor status >/dev/null 2>&1 # if [ $? -ne 0 ]; then - systemctl restart apparmor + service apparmor restart # fi fi # update-rc.d bind9 defaults @@ -1522,12 +1455,6 @@ if [ "$exim" = 'yes' ]; then sed -i "s/#CLAMD/CLAMD/g" /etc/exim4/exim4.conf.template fi - # Generating SRS KEY - the code is taken from HestiaCP - srs=$(gen_pass 16) - echo $srs > /etc/exim4/srs.conf - chmod 640 /etc/exim4/srs.conf - chown root:Debian-exim /etc/exim4/srs.conf - chmod 640 /etc/exim4/exim4.conf.template rm -rf /etc/exim4/domains mkdir -p /etc/exim4/domains @@ -1542,8 +1469,7 @@ if [ "$exim" = 'yes' ]; then #update-rc.d exim4 defaults currentservice='exim4' ensure_startup $currentservice - systemctl restart $currentservice - # ensure_start $currentservice + ensure_start $currentservice fi @@ -1628,15 +1554,6 @@ if [ "$spamd" = 'yes' ]; then echo "=== Patching spamassassin dns_server" sed -i "s/report_safe 1/report_safe 1\n\ndns_server 127.0.0.1/g" /etc/spamassassin/local.cf - echo "== Adding myVesta rules to SpamAssassin" - cat < /etc/spamassassin/myvesta.cf -score RCVD_IN_RP_SAFE 0 -score RCVD_IN_RP_CERTIFIED 0 -score SPF_FAIL 3.0 -score SPF_SOFTFAIL 4.0 -score SPF_NONE 4.0 -EOF - wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf ensure_startup $currentservice systemctl restart $currentservice @@ -1746,20 +1663,6 @@ if [ "$fail2ban" = 'yes' ]; then chmod 640 /var/log/auth.log chown root:adm /var/log/auth.log fi - if [ "$proftpd" = 'yes' ]; then - cat <> /etc/fail2ban/jail.local - -[proftpd] -enabled = true -filter = proftpd -action = vesta[name=FTP] -port = ftp,ftp-data,ftps,ftps-data -logpath = %(proftpd_log)s -backend = %(proftpd_backend)s -maxretry = 5 -EOF - fi - #update-rc.d fail2ban defaults currentservice='fail2ban' ensure_startup $currentservice @@ -1919,20 +1822,6 @@ if [ "$release" -eq 12 ]; then /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' fi fi -if [ "$release" -eq 13 ]; then - if [ -f "/etc/php/8.4/fpm/pool.d/$servername.conf" ]; then - echo "== FPM pool.d $servername tweaks" - sed -i "/^group =/c\group = www-data" /etc/php/8.4/fpm/pool.d/$servername.conf - sed -i "/max_execution_time/c\php_admin_value[max_execution_time] = 900" /etc/php/8.4/fpm/pool.d/$servername.conf - sed -i "/request_terminate_timeout/c\request_terminate_timeout = 900s" /etc/php/8.4/fpm/pool.d/$servername.conf - sed -i "s|80M|800M|g" /etc/php/8.4/fpm/pool.d/$servername.conf - sed -i "s|256M|512M|g" /etc/php/8.4/fpm/pool.d/$servername.conf - service php8.4-fpm restart - ln -s /var/lib/roundcube /var/lib/roundcube/webmail - /usr/local/vesta/bin/v-change-web-domain-proxy-tpl 'admin' "$servername" 'hosting-webmail-phpmyadmin' 'jpg,jpeg,gif,png,ico,svg,css,zip,tgz,gz,rar,bz2,doc,xls,exe,pdf,ppt,txt,odt,ods,odp,odf,tar,wav,bmp,rtf,js,mp3,avi,mpeg,flv,woff,woff2' 'yes' - fi -fi - echo "== Adding cron jobs" command="sudo $VESTA/bin/v-update-sys-queue disk" @@ -1949,13 +1838,7 @@ command="sudo $VESTA/bin/v-update-user-stats" $VESTA/bin/v-add-cron-job 'admin' '20' '00' '*' '*' '*' "$command" command="sudo $VESTA/bin/v-update-sys-rrd" $VESTA/bin/v-add-cron-job 'admin' '*/5' '*' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" -$VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-df-snapshot-make" -$VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" -command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" -$VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" -systemctl restart cron.service +service cron restart echo "== Building inititall rrd images" $VESTA/bin/v-update-sys-rrd @@ -2001,9 +1884,6 @@ fi if [ "$release" -eq 12 ]; then apt-get -y install php8.2-apcu php8.2-mbstring php8.2-bcmath php8.2-curl php8.2-gd php8.2-intl php8.2-mysql php8.2-mysqlnd php8.2-pdo php8.2-soap php8.2-xml php8.2-zip php8.2-memcache php8.2-memcached php8.2-zip php8.2-imagick php8.2-imap fi -if [ "$release" -eq 13 ]; then - apt-get -y install php8.4-apcu php8.4-mbstring php8.4-bcmath php8.4-curl php8.4-gd php8.4-intl php8.4-mysql php8.4-mysqlnd php8.4-pdo php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-zip php8.4-imagick php8.4-imap -fi touch /var/log/php-mail.log chmod a=rw /var/log/php-mail.log @@ -2059,13 +1939,6 @@ if [ "$release" -eq 12 ]; then service php8.2-fpm restart fi -if [ "$release" -eq 13 ]; then - echo "=== Patching php8.4" - patch /etc/php/8.4/fpm/php.ini < /usr/local/vesta/src/deb/for-download/tools/patches/php8.2.patch - update-alternatives --set php /usr/bin/php8.4 - service php8.4-fpm restart -fi - # echo "=== Patching rcube_vcard.php" # wget -nv https://c.myvestacp.com/tools/patches/rcube_vcard.patch -O /root/rcube_vcard.patch # patch /usr/share/roundcube/program/lib/Roundcube/rcube_vcard.php < /root/rcube_vcard.patch @@ -2143,9 +2016,6 @@ touch /usr/local/vesta/data/upgrades/enable_cookie_httponly touch /usr/local/vesta/data/upgrades/fix_exim_494_autoreply touch /usr/local/vesta/data/upgrades/freshclam_start touch /usr/local/vesta/data/upgrades/barracuda_rbl -touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed -touch /usr/local/vesta/data/upgrades/v-df-snapshot-make -touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php # Secret URL secretquery='' @@ -2160,24 +2030,18 @@ if [ "$port" != "8083" ]; then $VESTA/bin/v-change-vesta-port $port fi +echo "=== Set URL for phpmyadmin" echo "DB_PMA_URL='https://$servername/phpmyadmin/'" >> $VESTA/conf/vesta.conf if [ "$release" -gt 9 ]; then echo "=== Set max_length_of_MySQL_username=80" - echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf fi +echo "MAX_DBUSER_LEN=80" >> $VESTA/conf/vesta.conf echo "ALLOW_BACKUP_ANYTIME='yes'" >> $VESTA/conf/vesta.conf echo "NOTIFY_ADMIN_FULL_BACKUP='$email'" >> $VESTA/conf/vesta.conf -echo "=== Adding FileManager license to vesta.conf" -echo "FILEMANAGER_KEY='FREEFM'" >> $VESTA/conf/vesta.conf +echo "================================================================" # Removing old PHP sessions files -touch /var/spool/cron/crontabs/root -echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;" >> /var/spool/cron/crontabs/root - -if [ -f "/root/.bash_profile" ]; then - echo "=== Adding v-cd-www alias to root bash profile" - echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile -fi +crontab -l | { cat; echo "10 2 * * 6 sudo find /home/*/tmp/ -type f -mtime +5 -exec rm {} \;"; } | crontab - #----------------------------------------------------------# # myVesta Access Info # diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh deleted file mode 100644 index f5e7c6fd..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.sh +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.3-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_83" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_83) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi -if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.3/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl deleted file mode 100644 index cceed0ee..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl deleted file mode 100644 index ac952817..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh deleted file mode 100644 index f5e7c6fd..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.sh +++ /dev/null @@ -1,126 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.3-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_83" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_83) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi -if [ -f "/etc/php/8.3/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.3/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl deleted file mode 100644 index f043bfa8..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl deleted file mode 100644 index 9b5bf916..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-83.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.3-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh deleted file mode 100644 index cbea2de9..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.4-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" -pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -if [ -f "$pool_file_83" ]; then - rm $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_84" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_84) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_84 - systemctl reset-failed php8.4-fpm - systemctl restart php8.4-fpm -fi -if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.4/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl deleted file mode 100644 index 91e05b17..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl deleted file mode 100644 index 94acbf15..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot%/public - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh deleted file mode 100644 index cbea2de9..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash -# Adding php pool conf -user="$1" -domain="$2" -ip="$3" -home_dir="$4" -docroot="$5" - -pool_conf="[$2] - -listen = /run/php/php8.4-fpm-$2.sock -listen.owner = $1 -listen.group = $1 -listen.mode = 0666 - -user = $1 -group = $1 - -pm = ondemand -pm.max_children = 8 -request_terminate_timeout = 360s -pm.max_requests = 4000 -pm.process_idle_timeout = 10s -pm.status_path = /status - -php_admin_value[upload_tmp_dir] = /home/$1/tmp -php_admin_value[session.save_path] = /home/$1/tmp -php_admin_value[open_basedir] = $5:/home/$1/tmp:/bin:/usr/bin:/usr/local/bin:/var/www/html:/tmp:/usr/share:/etc/phpmyadmin:/var/lib/phpmyadmin:/etc/roundcube:/var/log/roundcube:/var/lib/roundcube -php_admin_value[upload_max_filesize] = 800M -php_admin_value[max_execution_time] = 300 -php_admin_value[post_max_size] = 800M -php_admin_value[memory_limit] = 512M -php_admin_value[sendmail_path] = \"/usr/sbin/sendmail -t -i -f info@$2\" -php_admin_flag[mysql.allow_persistent] = off -php_admin_flag[safe_mode] = off - -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /home/$1/tmp -env[TMPDIR] = /home/$1/tmp -env[TEMP] = /home/$1/tmp -" - -pool_file_56="/etc/php/5.6/fpm/pool.d/$2.conf" -pool_file_70="/etc/php/7.0/fpm/pool.d/$2.conf" -pool_file_71="/etc/php/7.1/fpm/pool.d/$2.conf" -pool_file_72="/etc/php/7.2/fpm/pool.d/$2.conf" -pool_file_73="/etc/php/7.3/fpm/pool.d/$2.conf" -pool_file_74="/etc/php/7.4/fpm/pool.d/$2.conf" -pool_file_80="/etc/php/8.0/fpm/pool.d/$2.conf" -pool_file_81="/etc/php/8.1/fpm/pool.d/$2.conf" -pool_file_82="/etc/php/8.2/fpm/pool.d/$2.conf" -pool_file_83="/etc/php/8.3/fpm/pool.d/$2.conf" -pool_file_84="/etc/php/8.4/fpm/pool.d/$2.conf" - -if [ -f "$pool_file_56" ]; then - rm $pool_file_56 - systemctl reset-failed php5.6-fpm - systemctl restart php5.6-fpm -fi - -if [ -f "$pool_file_70" ]; then - rm $pool_file_70 - systemctl reset-failed php7.0-fpm - systemctl restart php7.0-fpm -fi - -if [ -f "$pool_file_71" ]; then - rm $pool_file_71 - systemctl reset-failed php7.1-fpm - systemctl restart php7.1-fpm -fi - -if [ -f "$pool_file_72" ]; then - rm $pool_file_72 - systemctl reset-failed php7.2-fpm - systemctl restart php7.2-fpm -fi - -if [ -f "$pool_file_73" ]; then - rm $pool_file_73 - systemctl reset-failed php7.3-fpm - systemctl restart php7.3-fpm -fi - -if [ -f "$pool_file_74" ]; then - rm $pool_file_74 - systemctl reset-failed php7.4-fpm - systemctl restart php7.4-fpm -fi - -if [ -f "$pool_file_80" ]; then - rm $pool_file_80 - systemctl reset-failed php8.0-fpm - systemctl restart php8.0-fpm -fi - -if [ -f "$pool_file_81" ]; then - rm $pool_file_81 - systemctl reset-failed php8.1-fpm - systemctl restart php8.1-fpm -fi - -if [ -f "$pool_file_82" ]; then - rm $pool_file_82 - systemctl reset-failed php8.2-fpm - systemctl restart php8.2-fpm -fi - -if [ -f "$pool_file_83" ]; then - rm $pool_file_83 - systemctl reset-failed php8.3-fpm - systemctl restart php8.3-fpm -fi - -write_file=0 -if [ ! -f "$pool_file_84" ]; then - write_file=1 -else - user_count=$(grep -c "/home/$1/" $pool_file_84) - if [ $user_count -eq 0 ]; then - write_file=1 - fi -fi -if [ $write_file -eq 1 ]; then - echo "$pool_conf" > $pool_file_84 - systemctl reset-failed php8.4-fpm - systemctl restart php8.4-fpm -fi -if [ -f "/etc/php/8.4/fpm/pool.d/www.conf" ]; then - rm /etc/php/8.4/fpm/pool.d/www.conf -fi - -exit 0 diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl deleted file mode 100644 index 848abf7c..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.stpl +++ /dev/null @@ -1,36 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %sdocroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - SSLRequireSSL - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - SSLEngine on - SSLVerifyClient none - SSLCertificateFile %ssl_crt% - SSLCertificateKeyFile %ssl_key% - %ssl_ca_str%SSLCertificateChainFile %ssl_ca% - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/s%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl b/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl deleted file mode 100644 index 065c1f89..00000000 --- a/src/deb/for-download/tools/apache-fpm-tpl/PHP-FPM-84.tpl +++ /dev/null @@ -1,30 +0,0 @@ - - - ServerName %domain_idn% - %alias_string% - ServerAdmin %email% - DocumentRoot %docroot% - ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/ - Alias /vstats/ %home%/%user%/web/%domain%/stats/ - Alias /error/ %home%/%user%/web/%domain%/document_errors/ - #SuexecUserGroup %user% %group% - CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes - CustomLog /var/log/%web_system%/domains/%domain%.log combined - ErrorLog /var/log/%web_system%/domains/%domain%.error.log - - AllowOverride All - - - AllowOverride All - Options +Includes -Indexes -FollowSymLinks +SymLinksIfOwnerMatch - - - - SetHandler "proxy:unix:/run/php/php8.4-fpm-%domain%.sock|fcgi://localhost/" - - SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0 - - IncludeOptional %home%/%user%/conf/web/%web_system%.%domain%.conf* - - - diff --git a/src/deb/for-download/tools/default-pool.d/8.3/www.conf b/src/deb/for-download/tools/default-pool.d/8.3/www.conf deleted file mode 100644 index f18939a3..00000000 --- a/src/deb/for-download/tools/default-pool.d/8.3/www.conf +++ /dev/null @@ -1,490 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of the child processes. This can be used only if the master -; process running user is root. It is set after the child process is created. -; The user and group can be specified either by their name or by their numeric -; IDs. -; Note: If the user is root, the executable needs to be started with -; --allow-to-run-as-root option to work. -; Default Values: The user is set to master process running user by default. -; If the group is not set, the user's group is used. -user = www-data -group = www-data - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = /run/php/php8.3-fpm.sock - -; Set listen(2) backlog. -; Default Value: 511 (-1 on Linux, FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. The owner -; and group can be specified either by name or by their numeric IDs. -; Default Values: Owner is set to the master process running user. If the group -; is not set, the owner's group is used. Mode is set to 0660. -listen.owner = www-data -listen.group = www-data -;listen.mode = 0660 - -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. -; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Set the associated the route table (FIB). FreeBSD only -; Default Value: -1 -;listen.setfib = 1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl for Linux or -; PROC_TRACE_CTL procctl for FreeBSD) even if the process user -; or group is different than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; pm.max_spawn_rate - the maximum number of rate to spawn child -; processes at once. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 5 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: (min_spare_servers + max_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 - -; The number of rate to spawn child processes at once. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -; Default Value: 32 -;pm.max_spawn_rate = 32 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. -; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following information: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. -; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/php/8.3/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The address on which to accept FastCGI status request. This creates a new -; invisible pool that can handle requests independently. This is useful -; if the main pool is busy with long running requests because it is still possible -; to get the status before finishing the long running requests. -; -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Default Value: value of the listen option -;pm.status_listen = 127.0.0.1:9001 - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. -; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{milliseconds}d -; - %{milli}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some examples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsulated in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsulated in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" - -; A list of request_uri values which should be filtered from the access log. -; -; As a security precuation, this setting will be ignored if: -; - the request method is not GET or HEAD; or -; - there is a request body; or -; - there are query parameters; or -; - the response code is outwith the successful range of 200 to 299 -; -; Note: The paths are matched against the output of the access.format tag "%r". -; On common configurations, this may look more like SCRIPT_NAME than the -; expected pre-rewrite URI. -; -; Default Value: not set -;access.suppress_path[] = /ping -;access.suppress_path[] = /health_check.php - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; The timeout set by 'request_terminate_timeout' ini option is not engaged after -; application calls 'fastcgi_finish_request' or when application has finished and -; shutdown functions are being called (registered via register_shutdown_function). -; This option will enable timeout limit to be applied unconditionally -; even in such cases. -; Default Value: no -;request_terminate_timeout_track_finished = no - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. -; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environment, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Decorate worker output with prefix and suffix containing information about -; the child that writes to the log and if stdout or stderr is used as well as -; log level and time. This options is used only if catch_workers_output is yes. -; Settings to "no" will output data as written to the stdout or stderr. -; Default value: yes -;decorate_workers_output = no - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/src/deb/for-download/tools/imapsync/create-mail-sync.sh b/src/deb/for-download/tools/imapsync/create-mail-sync.sh index 94762505..e325754e 100644 --- a/src/deb/for-download/tools/imapsync/create-mail-sync.sh +++ b/src/deb/for-download/tools/imapsync/create-mail-sync.sh @@ -35,35 +35,18 @@ fi TESTOPT="" if [[ $TEST -eq 1 ]]; then - TESTOPT="--justlogin" + TESTOPT="--justlogin" fi if [ ! -d "accounts" ]; then mkdir accounts fi if [ -f "accounts/$EMAIL" ]; then - echo "********* EMAIL $EMAIL ALREADY EXISTS !!! ************" + echo "********* $EMAIL ALREADY EXISTS !!! ************" exit 1; exit fi -euser=$(echo $EMAIL | cut -d '@' -f 1) -domain=$(echo $EMAIL | cut -d '@' -f 2) -user=$(/usr/local/vesta/bin/v-search-domain-owner $domain) -if [ "$user" != "" ]; then - echo "=== Email '$EMAIL' has username email part '$euser', domain is '$domain', and belongs to myVesta account: $user" - if [ ! -d "/home/$user/mail/$domain" ]; then - echo "======= Creating '$domail' in MAIL section" - /usr/local/vesta/bin/v-add-mail-domain "$user" "$domain" - fi - if [ ! -d "/home/$user/mail/$domain/$euser" ]; then - echo "======= Creating '$euser' mail account for domain '$domain'" - /usr/local/vesta/bin/v-add-mail-account "$user" "$domain" "$euser" "$PASS2" - echo "" - fi -fi - - echo "Writing to: accounts/$EMAIL" echo "#!/bin/bash @@ -84,20 +67,21 @@ exit; chmod a=rwx accounts/$EMAIL if [[ $TEST -eq 0 ]]; then - exit 0; + exit 0; fi accounts/$EMAIL RET=$? if [ $RET -eq 0 ]; then - # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" - sed -i "s/--justlogin//g" accounts/$EMAIL - echo "--- OK! ---" - echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log + # echo "./create-mail-sync.sh $EMAIL $PASS $PASS2 $TEST" + sed -i "s/--justlogin//g" accounts/$EMAIL + echo "--- OK! ---" + echo "./create-mail-sync.sh '$SRCHOST' '$EMAIL' '$PASS' '$PASS2' $TEST" >> accounts.log else - echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" - rm accounts/$EMAIL - read -p "=== Press ENTER to continue ===" entered + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + echo "********* $EMAIL ERROR !!! [ret: $RET ] ************" + rm accounts/$EMAIL fi exit $RET; diff --git a/src/deb/for-download/tools/imapsync/import-from-file.sh b/src/deb/for-download/tools/imapsync/import-from-file.sh deleted file mode 100644 index ac0c42f4..00000000 --- a/src/deb/for-download/tools/imapsync/import-from-file.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -# -# This script reads email and password=s in following format: -# email1 pass -# email2 pass -# email3 pass - -# The first parameter is the text file from which we read emails and passwords -# The second parameter is SMTP Hostname -# The third parameter is domain if lines contains only username part - - -host='' -if [ $# -gt 1 ]; then - host=$2 -else - echo "Usage: ./import-from-file.sh 'FILE' 'SMTPHOST' ['DOMAIN']" - exit 1; -fi - -domain='' -if [ $# -gt 2 ]; then - domain=$3 -fi - -end_of_file=0 -while [[ $end_of_file == 0 ]]; do - - read -r line - end_of_file=$? - - if [ "$line" == "" ]; then - if [[ $end_of_file == 1 ]]; then - echo "===EOF===" - break; - fi - continue - fi - - email=$(echo "$line" | awk '{print $1}') - pass=$(echo "$line" | awk '{print $2}') - - if [[ $email != *"@"* ]]; then - email="$email@$domain" - fi - - echo "Extracted: '$email' = '$pass'" - - ./create-mail-sync.sh "$host" "$email" "$pass" - - if [[ $end_of_file == 1 ]]; then - echo "===EOF===" - break; - fi - -done < $1 diff --git a/src/deb/for-download/tools/install-new-roundcube.sh b/src/deb/for-download/tools/install-new-roundcube.sh index 0f6a343a..8838e0ab 100644 --- a/src/deb/for-download/tools/install-new-roundcube.sh +++ b/src/deb/for-download/tools/install-new-roundcube.sh @@ -3,7 +3,7 @@ USER='webmail' DOMAIN='' # enter domain or subdomain -VERSION='1.6.6' +VERSION='1.6.1' DOWNLOAD="https://github.com/roundcube/roundcubemail/releases/download/$VERSION/roundcubemail-$VERSION-complete.tar.gz" LOGINMESSAGE1='Click here for NEW Webmail' diff --git a/src/deb/for-download/tools/install-rocket-nginx.sh b/src/deb/for-download/tools/install-rocket-nginx.sh index ca1f8b2a..20364f80 100644 --- a/src/deb/for-download/tools/install-rocket-nginx.sh +++ b/src/deb/for-download/tools/install-rocket-nginx.sh @@ -1,12 +1,5 @@ #!/bin/bash -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-webp-express-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl - echo "Updating apt, please wait..." apt-get update > /dev/null 2>&1 @@ -24,6 +17,9 @@ fi cd rocket-nginx cp rocket-nginx.ini.disabled rocket-nginx.ini php rocket-parser.php -if [ -f "/etc/nginx/rocket-nginx/conf.d/default.conf" ]; then - /usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' -fi +/usr/local/vesta/bin/v-php-func 'strip_once_in_file_between_including_borders' '/etc/nginx/rocket-nginx/conf.d/default.conf' '# BROWSER MEDIA CACHE' '}' + +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-force-https.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-force-https.stpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.tpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.tpl +wget -nv -O /usr/local/vesta/data/templates/web/nginx/wprocket-hosting.stpl https://c.myvestacp.com/tools/rocket-nginx-templates/wprocket-hosting.stpl diff --git a/src/deb/for-download/tools/multi-php-install.sh b/src/deb/for-download/tools/multi-php-install.sh index aa1b7353..4d86050d 100644 --- a/src/deb/for-download/tools/multi-php-install.sh +++ b/src/deb/for-download/tools/multi-php-install.sh @@ -13,8 +13,6 @@ inst_74=0 inst_80=0 inst_81=0 inst_82=0 -inst_83=0 -inst_84=0 ####################################################################### @@ -58,14 +56,8 @@ fi if [ $# -gt 9 ]; then inst_82=${10} fi -if [ $# -gt 10 ]; then - inst_83=${11} -fi -if [ $# -gt 11 ]; then - inst_84=${12} -fi -if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ] || [ $inst_83 -eq 1 ] || [ $inst_84 -eq 1 ]; then +if [ $inst_56 -eq 1 ] || [ $inst_70 -eq 1 ] || [ $inst_71 -eq 1 ] || [ $inst_72 -eq 1 ] || [ $inst_73 -eq 1 ] || [ $inst_74 -eq 1 ] || [ $inst_80 -eq 1 ] || [ $inst_81 -eq 1 ] || [ $inst_82 -eq 1 ]; then inst_repo=1 fi @@ -95,8 +87,6 @@ echo "inst_74=$inst_74" echo "inst_80=$inst_80" echo "inst_81=$inst_81" echo "inst_82=$inst_82" -echo "inst_83=$inst_83" -echo "inst_84=$inst_84" echo "wait_to_press_enter=$wait_to_press_enter" press_enter "=== Press enter to continue ===============================================================================" @@ -105,12 +95,12 @@ apt update if [ "$inst_repo" -eq 1 ]; then press_enter "=== Press enter to install sury.org repo ===============================================================================" apt -y install apt-transport-https ca-certificates - if [ $debian_version -ge 11 ]; then + if [ $debian_version -ge 10 ]; then wget -nv -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg fi - # if [ $debian_version -eq 10 ]; then - # sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' - # fi + if [ $debian_version -eq 10 ]; then + sh -c 'echo "deb https://packages.sury.org/php/ buster main" > /etc/apt/sources.list.d/php.list' + fi if [ $debian_version -eq 11 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' fi @@ -118,7 +108,7 @@ if [ "$inst_repo" -eq 1 ]; then sh -c 'echo "deb https://packages.sury.org/php/ bookworm main" > /etc/apt/sources.list.d/php.list' fi apt update - # apt upgrade -y + apt upgrade -y press_enter "=== Press enter to continue ===============================================================================" fi @@ -350,63 +340,9 @@ if [ "$inst_82" -eq 1 ]; then press_enter "=== PHP 8.2 installed, press enter to continue ===============================================================================" fi -if [ "$inst_83" -eq 1 ]; then - press_enter "=== Press enter to install PHP 8.3 ===============================================================================" - apt -y install php8.3-mbstring php8.3-bcmath php8.3-cli php8.3-curl php8.3-fpm php8.3-gd php8.3-intl php8.3-mysql php8.3-soap php8.3-xml php8.3-zip php8.3-memcache php8.3-memcached php8.3-imagick - update-rc.d php8.3-fpm defaults - a2enconf php8.3-fpm - a2dismod php8.3 - apt-get -y remove libapache2-mod-php8.3 - systemctl restart apache2 - cp -r /etc/php/8.3/ /root/vst_install_backups/php8.3/ - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.stpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.tpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.stpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.tpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-83-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh - chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83.sh - chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-83-public.sh - echo "=== Patching php.ini for php8.3" - wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.3.patch - patch /etc/php/8.3/fpm/php.ini < /root/php8.3.patch - if [ $memory -gt 9999999 ]; then - sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.3/fpm/php.ini - fi - service php8.3-fpm restart - press_enter "=== PHP 8.3 installed, press enter to continue ===============================================================================" -fi -if [ "$inst_84" -eq 1 ]; then - press_enter "=== Press enter to install PHP 8.4 ===============================================================================" - apt -y install php8.4-mbstring php8.4-bcmath php8.4-cli php8.4-curl php8.4-fpm php8.4-gd php8.4-intl php8.4-mysql php8.4-soap php8.4-xml php8.4-zip php8.4-memcache php8.4-memcached php8.4-imagick - update-rc.d php8.4-fpm defaults - a2enconf php8.4-fpm - a2dismod php8.4 - apt-get -y remove libapache2-mod-php8.4 - systemctl restart apache2 - cp -r /etc/php/8.4/ /root/vst_install_backups/php8.4/ - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.stpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.tpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.stpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.stpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.tpl -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.tpl - wget -nv https://c.myvestacp.com/tools/apache-fpm-tpl/PHP-FPM-84-public.sh -O /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh - chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84.sh - chmod a+x /usr/local/vesta/data/templates/web/apache2/PHP-FPM-84-public.sh - echo "=== Patching php.ini for php8.4" - wget -nv https://c.myvestacp.com/tools/patches/php8.2.patch -O /root/php8.4.patch - patch /etc/php/8.4/fpm/php.ini < /root/php8.4.patch - if [ $memory -gt 9999999 ]; then - sed -i "s|opcache.memory_consumption=512|opcache.memory_consumption=2048|g" /etc/php/8.4/fpm/php.ini - fi - service php8.4-fpm restart - press_enter "=== PHP 8.4 installed, press enter to continue ===============================================================================" -fi - - -# apt update > /dev/null 2>&1 -# apt upgrade -y > /dev/null 2>&1 +apt update > /dev/null 2>&1 +apt upgrade -y > /dev/null 2>&1 if [ $debian_version -ge 10 ]; then a2dismod ruid2 > /dev/null 2>&1 @@ -420,44 +356,8 @@ if [ $debian_version -ge 10 ]; then a2dismod php8.0 > /dev/null 2>&1 a2dismod php8.1 > /dev/null 2>&1 a2dismod php8.2 > /dev/null 2>&1 - a2dismod php8.3 > /dev/null 2>&1 - a2dismod php8.4 > /dev/null 2>&1 a2dismod mpm_prefork > /dev/null 2>&1 a2enmod mpm_event > /dev/null 2>&1 apt-get -y remove libapache2-mod-php* > /dev/null 2>&1 service apache2 restart fi - -if [ -f "/usr/share/phpgate/phpgate.php" ]; then - echo "=== upgrading phpgate" - /usr/local/vesta/bin/v-commander 'm' 'inst pgw' 'q' - echo "=== upgrading phpgate done." - echo "" -fi - -if [ -f "/usr/local/bin/tailf_apache_error.php" ]; then - echo "=== upgrading tailf_apache_error.php" - wget -nv http://dl.myvestacp.com/vesta/tailf.php -O /usr/local/bin/tailf.php - wget -nv http://dl.myvestacp.com/vesta/tailf_apache_error.php -O /usr/local/bin/tailf_apache_error.php - wget -nv http://dl.myvestacp.com/vesta/see-apache-processlist-once.sh -O /usr/local/bin/see-apache-processlist-once.sh - wget -nv http://dl.myvestacp.com/vesta/see-mysql-processlist-once.sh -O /usr/local/bin/see-mysql-processlist-once.sh - chmod u+x /usr/local/bin/see-apache-processlist-once.sh - chmod u+x /usr/local/bin/see-mysql-processlist-once.sh - - # ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" - # echo $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - kill $(ps aux | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" | awk '{print $2}') - sleep 1 - # ps -Af | grep 'tailf_apache_error' | grep -v "grep tailf_apache_error" - # sleep 1 - nohup php /usr/local/bin/tailf_apache_error.php > /var/log/tailf_apache_error.log & - echo "=== upgrading tailf_apache_error.php done." - sleep 3 - echo "" -fi - -# Fixing php.ini files to have the correct disable_functions line -/usr/local/vesta/bin/v-fix-php-ini-disable-functions - -echo "Everything done." -echo "" diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl deleted file mode 100644 index 7597746c..00000000 --- a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.stpl +++ /dev/null @@ -1,56 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # #ssl_on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - - # BEGIN SMUSH-WEBP - location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { - root %sdocroot%; - add_header Vary Accept; - expires max; - set $image_path $2; - if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { - break; - } - if ($http_accept !~* "webp") { - break; - } - # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; - try_files /wp-content/smush-webp/$image_path.webp $uri =404; - } - # END SMUSH-WEBP - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/snginx.%domain%.conf*; -} - diff --git a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl b/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl deleted file mode 100644 index 7e408254..00000000 --- a/src/deb/for-download/tools/nginx-templates/hosting-webp-smush.tpl +++ /dev/null @@ -1,52 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - proxy_pass http://%ip%:%web_port%; - - # BEGIN SMUSH-WEBP - location ~* "wp-content\/(uploads\/)(.*.(?:png|jpe?g))" { - root %sdocroot%; - add_header Vary Accept; - expires max; - set $image_path $2; - if (-f "%sdocroot%/wp-content/smush-webp/disable_smush_webp") { - break; - } - if ($http_accept !~* "webp") { - break; - } - # add_header X_WebP_Try /wp-content/smush-webp/$image_path.webp; - try_files /wp-content/smush-webp/$image_path.webp $uri =404; - } - # END SMUSH-WEBP - - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl deleted file mode 100644 index 3bed6ce3..00000000 --- a/src/deb/for-download/tools/nginx-templates/wp-super-cache.stpl +++ /dev/null @@ -1,87 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - http2 on; - server_name %domain_idn% %alias_idn%; - root %sdocroot%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - set $cache_uri $request_uri; - set $caching 'ON'; - - # POST requests and urls with a query string should always go to PHP - if ($request_method = POST) { - set $caching 'OFF'; - } - - if ($query_string ~* "(fb_action_ids=|fb_action_types=|fb_source=|fbclid=|utm_source=|utm_campaign=|utm_medium=|utm_expid=|utm_term=|utm_content=|utm_id=|utm_source_platform=|utm_creative_format=|utm_marketing_tactic=|_ga=|gclid=|campaignid=|adgroupid=|adid=|gbraid=|wbraid=|_gl=|gclsrc=|gdfms=|gdftrk=|gdffi=|_ke=|_kx=|trk_contact=|trk_msg=|trk_module=|trk_sid=|mc_cid=|mc_eid=|mkwid=|pcrid=|mtm_source=|mtm_medium=|mtm_campaign=|mtm_keyword=|mtm_cid=|mtm_content=|msclkid=|epik=|pp=|pk_source=|pk_medium=|pk_campaign=|pk_keyword=|pk_cid=|pk_content=|redirect_log_mongo_id=|redirect_mongo_id=|sb_referer_host=)") { - set $query_string_cachable 1; - } - - if ($query_string != "") { - set $query_string_cacheable 1$query_string_cacheable; - } - - if ($query_string_cacheable = 11) { - set $caching 'ON'; - } - - if ($query_string_cacheable = 1) { - set $caching 'OFF'; - } - - # Don't cache uris containing the following segments - if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0–9_-]+-sitemap([0–9]+)?.xml)") { - set $caching 'OFF'; - } - - # Don't use the cache for logged-in users or recent commenters - if ($http_cookie ~* "comment_author|wordpress_[a-f0–9]+|wp-postpass|wordpress_logged_in") { - set $caching 'OFF'; - } - - if ($caching = 'ON') { - set $cachefile "/wp-content/cache/supercache/$http_host/$cache_uri/index-https.html"; - set $cachestatus 'HIT'; - } - - if ($caching = 'OFF') { - set $cachestatus 'MISS'; - } - - add_header X-Cache-Status $cachestatus; - add_header X-Cache-File $cachefile; - - location / { - try_files $cachefile @fallback; - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl b/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl deleted file mode 100644 index 5a463370..00000000 --- a/src/deb/for-download/tools/nginx-templates/wp-super-cache.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl index f49e99dc..d66f80be 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-no-https-force.stpl @@ -1,54 +1,53 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl index 1387a879..27dd354b 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000-pass-to-https.stpl @@ -1,8 +1,7 @@ server { - listen %ip%:%proxy_ssl_port% ssl; + listen %ip%:%proxy_ssl_port%; server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; + ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl index f49e99dc..d66f80be 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-3000.stpl @@ -1,54 +1,53 @@ -server { - listen %ip%:%proxy_ssl_port% ssl; - server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - # test %port_num% - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; - - root %sdocroot%/public; - index index.html; - - location / { - proxy_pass http://localhost:3000; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection 'upgrade'; - proxy_set_header Host $host; - proxy_cache_bypass $http_upgrade; - - - # try_files $uri $uri/ @rewrites; - - location ~* ^.+\.(%proxy_extentions%)$ { - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - } - } - - location @rewrites { - rewrite ^(.+)$ /index.html last; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - +server { + listen %ip%:%proxy_ssl_port%; + server_name %domain_idn% %alias_idn%; + ssl on; + ssl_certificate %ssl_pem%; + ssl_certificate_key %ssl_key%; + error_log /var/log/%web_system%/domains/%domain%.error.log error; + + # test %port_num% + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; + + root %sdocroot%/public; + index index.html; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + + + # try_files $uri $uri/ @rewrites; + + location ~* ^.+\.(%proxy_extentions%)$ { + access_log /var/log/%web_system%/domains/%domain%.log combined; + access_log /var/log/%web_system%/domains/%domain%.bytes bytes; + expires max; + } + } + + location @rewrites { + rewrite ^(.+)$ /index.html last; + } + + location /error/ { + alias %home%/%user%/web/%domain%/document_errors/; + } + + location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; + location ~ /\.env {return 404;} + location ~ /\.svn/ {return 404;} + location ~ /\.git/ {return 404;} + location ~ /\.hg/ {return 404;} + location ~ /\.bzr/ {return 404;} + + include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; + include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; } \ No newline at end of file diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl index 70fa2866..d8a23009 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-4000-and-websocket-6001.stpl @@ -1,8 +1,7 @@ server { - listen %ip%:%proxy_ssl_port% ssl; + listen %ip%:%proxy_ssl_port%; server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; + ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl index 415b6f9c..a6a0b744 100644 --- a/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl +++ b/src/deb/for-download/tools/nodejs-nginx-templates/node-app-also-handle-static-files-3000.stpl @@ -1,8 +1,7 @@ server { - listen %ip%:%proxy_ssl_port% ssl; + listen %ip%:%proxy_ssl_port%; server_name %domain_idn% %alias_idn%; - # ssl on; - # http2 on; + ssl on; ssl_certificate %ssl_pem%; ssl_certificate_key %ssl_key%; error_log /var/log/%web_system%/domains/%domain%.error.log error; diff --git a/src/deb/for-download/tools/patches/fix-fpm-poold.sh b/src/deb/for-download/tools/patches/fix-fpm-poold.sh index 311ef9cd..94566768 100644 --- a/src/deb/for-download/tools/patches/fix-fpm-poold.sh +++ b/src/deb/for-download/tools/patches/fix-fpm-poold.sh @@ -16,10 +16,10 @@ if [ -d "/etc/php" ]; then find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" - OLDVAL='pm.max_children = ' + OLDVAL='pm.max_children = 8' NEWVAL='pm.max_children = 3' - find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" - find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL.*|$NEWVAL|g" + find /etc/php/*/fpm/pool.d/ -name "*.conf" -type f -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" + find /usr/local/vesta/data/templates/web/apache2/ -type f -name "*.sh" -exec grep -l "$OLDVAL" {} \; | xargs sed -i "s|$OLDVAL|$NEWVAL|g" OLDVAL='request_terminate_timeout = ' NEWVAL='request_terminate_timeout = 360s' diff --git a/src/deb/for-download/tools/patches/php8.2.patch b/src/deb/for-download/tools/patches/php8.2.patch index ed127499..1083a720 100644 --- a/src/deb/for-download/tools/patches/php8.2.patch +++ b/src/deb/for-download/tools/patches/php8.2.patch @@ -5,7 +5,7 @@ ; It receives a comma-delimited list of function names. ; https://php.net/disable-functions -disable_functions = -+disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ++ disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,exec,system,passthru,shell_exec,proc_open,popen ; This directive allows you to disable certain classes. ; It receives a comma-delimited list of class names. diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl index 1f67154e..d770ac6a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2-conn-4.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 9; - limit_conn zone_site 25; + limit_conn addr 8; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl index dfd00270..a2f7f9f2 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2-speed-2.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 7; - limit_conn zone_site 20; + limit_conn addr 4; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl index 6d632713..6118fa82 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-burst-2.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 5; - limit_conn zone_site 15; + limit_conn addr 3; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl deleted file mode 100644 index 5c3f22ac..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl +++ /dev/null @@ -1,95 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 10; - limit_conn zone_site 30; - limit_req zone=one burst=28 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 48; - limit_conn zone_site 60; - limit_req zone=one burst=80 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=one burst=80 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl deleted file mode 100644 index 5a463370..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl deleted file mode 100644 index b263d6b5..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl +++ /dev/null @@ -1,95 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl deleted file mode 100644 index 5a463370..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl index db6ab623..b4468a6a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/force-https-firewall.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; - limit_conn zone_site 10; + limit_conn addr 2; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl index 8435a72b..df269ad4 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 9; - limit_conn zone_site 25; + limit_conn addr 8; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl index 2cc5c781..13657bd3 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl @@ -4,8 +4,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 9; - limit_conn zone_site 25; + limit_conn addr 8; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl index 856ebd56..8e0a0f5a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 7; - limit_conn zone_site 20; + limit_conn addr 4; limit_req zone=two burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl index 5bf3fbf8..a4035844 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2.tpl @@ -4,8 +4,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 7; - limit_conn zone_site 20; + limit_conn addr 4; limit_req zone=two burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl index 5d42830f..9649671d 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 5; - limit_conn zone_site 15; + limit_conn addr 3; limit_req zone=one burst=14 delay=7; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl index e57dbd1a..9e0edcf8 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-burst-2.tpl @@ -4,8 +4,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 5; - limit_conn zone_site 15; + limit_conn addr 3; limit_req zone=one burst=14 delay=7; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl deleted file mode 100644 index 5c3f22ac..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl +++ /dev/null @@ -1,95 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 10; - limit_conn zone_site 30; - limit_req zone=one burst=28 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 48; - limit_conn zone_site 60; - limit_req zone=one burst=80 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=one burst=80 delay=14; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl deleted file mode 100644 index 44f6162c..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl +++ /dev/null @@ -1,92 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 10; - limit_conn zone_site 30; - limit_req zone=one burst=28 delay=14; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-admin/ { - limit_conn addr 48; - limit_conn zone_site 60; - limit_req zone=one burst=80 delay=14; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=one burst=80 delay=14; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_lh { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_route { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_sync { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 16; - limit_conn zone_site 30; - limit_req zone=wfone burst=240; - proxy_pass http://%ip%:%web_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl deleted file mode 100644 index b263d6b5..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl +++ /dev/null @@ -1,95 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - # ssl on; - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %sdocroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl deleted file mode 100644 index 7203b88c..00000000 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl +++ /dev/null @@ -1,92 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - location / { - error_page 418 = @wordfence_lh; - error_page 419 = @wordfence_route; - error_page 420 = @wordfence_sync; - - if ($request_uri ~ "^/\?wordfence_lh") { return 418; } - if ($request_uri ~ "^/\?rest_route=%2Fwordfence") { return 419; } - if ($request_uri ~ "^/\?wordfence_syncAttackData") { return 420; } - - limit_conn addr 5; - limit_conn zone_site 15; - limit_req zone=one burst=14 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-admin/ { - limit_conn addr 24; - limit_conn zone_site 30; - limit_req zone=one burst=40 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=one burst=40 delay=7; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_lh { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_route { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location @wordfence_sync { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location /wp-json/wordfence/ { - limit_conn addr 8; - limit_conn zone_site 15; - limit_req zone=wfone burst=120; - proxy_pass http://%ip%:%web_port%; - } - - location ~* ^.+\.(%proxy_extentions%)$ { - root %docroot%; - access_log /var/log/%web_system%/domains/%domain%.log combined; - access_log /var/log/%web_system%/domains/%domain%.bytes bytes; - expires max; - # try_files $uri @fallback; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass http://%ip%:%web_port%; - } - - location ~ /wp-config.php {return 404;} - location ~ /xmlrpc.php {return 404;} - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/nginx.%domain%.conf*; -} - diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl index 42bc195b..21acb34b 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.stpl @@ -7,8 +7,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; - limit_conn zone_site 10; + limit_conn addr 2; limit_req zone=one burst=7 delay=3; proxy_pass https://%ip%:%web_ssl_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl index 177a71c6..9438e532 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl +++ b/src/deb/for-download/tools/rate-limit-tpl/hosting-firewall.tpl @@ -4,8 +4,7 @@ server { error_log /var/log/%web_system%/domains/%domain%.error.log error; location / { - limit_conn addr 3; - limit_conn zone_site 10; + limit_conn addr 2; limit_req zone=one burst=7 delay=3; proxy_pass http://%ip%:%web_port%; } diff --git a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh index 8f4d4e88..1d128f7a 100644 --- a/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh +++ b/src/deb/for-download/tools/rate-limit-tpl/install_rate_limit_tpl.sh @@ -12,7 +12,7 @@ grepc=$(grep -c 'limit_conn_zone' /etc/nginx/nginx.conf) if [ "$grepc" -eq 0 ]; then - sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf + sed -i 's|server_names_hash_bucket_size 512;|server_names_hash_bucket_size 512;\n limit_conn_zone $binary_remote_addr zone=addr:1m;\n limit_conn_zone $server_name zone=zone_site:1m;\n limit_req_zone $binary_remote_addr zone=one:1m rate=1r/s;\n limit_req_zone $binary_remote_addr zone=two:1m rate=2r/s;\n limit_conn_log_level error;\n limit_req_log_level error;\n limit_conn_status 429;\n limit_req_status 429;|g' /etc/nginx/nginx.conf echo "=== Added rate_limit to nginx.conf" fi @@ -28,12 +28,6 @@ if [ "$grepc" -eq 0 ]; then echo "=== Added rate_limit 'zone_site' to nginx.conf" fi -grepc=$(grep -c 'zone=wfone:1m' /etc/nginx/nginx.conf) -if [ "$grepc" -eq 0 ]; then - sed -i 's| zone=addr:1m;| zone=addr:1m;\n limit_req_zone $scheme zone=wfone:1m rate=1r/s;|g' /etc/nginx/nginx.conf - echo "=== Added rate_limit 'wfone' to nginx.conf" -fi - grepc=$(grep -c 'zone=one:10m' /etc/nginx/nginx.conf) if [ "$grepc" -eq 1 ]; then sed -i 's|zone=one:10m|zone=one:1m|g' /etc/nginx/nginx.conf @@ -66,14 +60,4 @@ wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-burst wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.tpl wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-burst-2-speed-2-conn-4.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-burst-2-speed-2-conn-4.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress.stpl - -wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/force-https-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/force-https-firewall-wordpress-2.stpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.tpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.tpl -wget -nv -O /usr/local/vesta/data/templates/web/nginx/hosting-firewall-wordpress-2.stpl http://c.myvestacp.com/tools/rate-limit-tpl/hosting-firewall-wordpress-2.stpl - systemctl restart nginx diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl deleted file mode 100644 index 2a6a7671..00000000 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.stpl +++ /dev/null @@ -1,73 +0,0 @@ -server { - listen %ip%:%proxy_ssl_port% ssl http2; - server_name %domain_idn% %alias_idn%; - - ssl_certificate %ssl_pem%; - ssl_certificate_key %ssl_key%; - error_log /var/log/%web_system%/domains/%domain%.error.log error; - - root %sdocroot%; - - # Serve WebP if browser supports it - location ~* ^/wp-content/.*\.(png|jpe?g)$ { - add_header Vary Accept; - expires 365d; - - if ($http_accept !~* "webp") { - break; - } - - try_files - /wp-content/webp-express/webp-images/doc-root/$uri.webp - $uri.webp - @webp_on_demand; - } - - # Route .webp requests to converter if not found - location @webp_on_demand { - proxy_pass https://%ip%:%web_ssl_port%; - } - - # Allow .webp passthrough (trigger php fallback if not found) - location ~* ^/wp-content/.*\.(png|jpe?g)\.webp$ { - try_files - $uri - @webp_realizer; - } - - location @webp_realizer { - proxy_pass https://%ip%:%web_ssl_port%; - } - - # Allow PHP access to WebP Express WOD handler - location ~ ^/wp-content/plugins/webp-express/wod/.*\.php$ { - proxy_pass https://%ip%:%web_ssl_port%; - } - - # Rocket-Nginx configuration - include rocket-nginx/conf.d/default.conf; - - location / { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location /error/ { - alias %home%/%user%/web/%domain%/document_errors/; - } - - location @fallback { - proxy_pass https://%ip%:%web_ssl_port%; - } - - location ~ /\.ht {return 404;} - location ~ /\.env {return 404;} - location ~ /\.svn/ {return 404;} - location ~ /\.git/ {return 404;} - location ~ /\.hg/ {return 404;} - location ~ /\.bzr/ {return 404;} - - disable_symlinks if_not_owner from=%docroot%; - - include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; - include %home%/%user%/conf/web/s%proxy_system%.%domain%.conf*; -} diff --git a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl b/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl deleted file mode 100644 index 5a463370..00000000 --- a/src/deb/for-download/tools/rocket-nginx-templates/wprocket-webp-express-force-https.tpl +++ /dev/null @@ -1,8 +0,0 @@ -server { - listen %ip%:%proxy_port%; - server_name %domain_idn% %alias_idn%; - location / { - rewrite ^(.*) https://$host$1 permanent; - } -include %home%/%user%/conf/web/*nginx.%domain_idn%.conf_letsencrypt; -} diff --git a/src/deb/ioncube/copyright b/src/deb/ioncube/copyright index c62257d2..bd92bd81 100644 --- a/src/deb/ioncube/copyright +++ b/src/deb/ioncube/copyright @@ -1,243 +1,243 @@ -LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE -OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) - -YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE -LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP -LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU -DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY -AND/OR USE THE LOADER SOFTWARE. - -DEFINITIONS - -The following definitions shall apply in this document: - -LOADER shall mean the ionCube PHP Loader software package or collection -of Loaders, including any modifications or upgrades to the software, used for -executing PHP scripts previously encoded with the ionCube PHP Encoder -software to render them non-humanly readable, and any associated -documentation or electronic or online materials relating to the software. - -ENCODER shall mean any ionCube PHP Encoder software or service used for the -purpose of producing non-humanly readable encoded files from PHP scripts. - -ENCODED FILE shall mean a non-humanly readable file produced by the -Encoder and being derived from humanly readable PHP script source. - -PROVIDER shall mean ionCube Ltd. - -USER/YOU shall mean any entity who has downloaded or obtained through any -other means a version of the Loader software. - - -1 LICENSE ENTITLEMENT - -1.1 The Loader is provided without charge. Title to the Loader does not pass -to the user in any circumstances. The Loader is supplied as object code. - -1.2 The provider grants a personal, non-transferable, non-exclusive licence to -use the Loader in accordance with the terms and conditions of this Licence -Agreement. - -1.3 The installation or downloading and use of the Loader entitles the user -to install and use the Loader for its own internal lawful purposes. - - -2 DISTRIBUTION - -2.1 The Loader may be freely distributed to third parties alone or as -part of a distribution containing other items provided that this license -is also included. - -2.2 The Loader may under no circumstances be branded as another product, -whether distributed or not. - -2.3 Distribution as part of a commercial product is permitted provided such -distribution is in accordance with clauses 2.1 and 2.2 with respect to the -Loader. - - -3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION - -Except insofar as the user is permitted to do so in accordance with applicable -law: - -3.1 Any analysis of the Loader and embedded data by any means and by -any entity whether human or otherwise and including but without limitation to -discover details of internal operation, to reverse engineer, to de-compile -object code, or to modify for the purposes of modifying behaviour is -forbidden. - -3.2 Any analysis of encoded files by any means and by any entity whether human -or otherwise and including but without limitation to discover details of file -format or for the purposes of modifying behaviour or scope of their usage is -forbidden. - - -4 WARRANTY - -THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED -WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE -DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED -OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN -CONJUNCTION WITH ANY OTHER PRODUCT. - - -5 LIMITATION OF LIABILITY - -5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY -PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER -CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE -AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS -EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. - -5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL -WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING -FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR -OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY -LAW. - -5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT -ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS -A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS -OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE -PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH -DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS -TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. - -5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS -LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE -PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. - -5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY -E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY -THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING -TRANSMISSION. - - -6 BUG FIXING AND PRODUCT SUPPORT - -6.1 The provider will use reasonable endeavours to provide support to users. -The provider will at their discretion only provide support for the latest -release. - -6.2 Support comprises of fault reporting via tickets and fault diagnosis, -recommendations on workarounds, and where reasonably possible a timely -resolution. - -6.3 The user accepts that on occasion the ability of the provider to meet -anticipated or published support schedules may be impaired due to, but without -limitation, Internet service provider failures or software failures that -affect the ability to communicate for an indeterminate period. - -6.4 The provider reserves the right to refuse to provide support at any time. - -6.5 The provider wishes to maintain and offer a product of the highest -possible quality, and accordingly may from time to time and at its discretion -make product changes for the purpose of correcting behaviour in variance to -the published specification or the user's reasonable expectations. - -6.6 The provider reserves the right to charge for support where the user does -not have a valid support plan in place, or where the support offered exceeds -the scope of the active support plan. - - -7 PRODUCT UPGRADES - -7.1 The provider may from time to time release product upgrades. These will -be provided free of charge and attempts made to provide a timely notification -to customers of the existence of any new release. - - -8 ERRORS AND OMISSIONS - -Whilst reasonable endeavours are made to ensure the accuracy of documentation -concerning the details of the Loader, the user accepts the possibility of -inaccuracies in information presented in any format, including email -communications and online services. The provider shall under no circumstances -be liable for any events that arise as a result of unintentional inaccuracies -or omissions. - - -9 USER INDEMNITY - -You agree to fully indemnify, defend and hold the provider harmless -immediately upon demand from and against all actions, liability, claims, -losses, damages, costs and expenses (including legal/attorney fees) incurred -by the provider arising directly or indirectly as a result of your breach of -this Licence Agreement. - - -10 INTELLECTUAL PROPERTY RIGHTS - -10.1 The user acknowledges that the Loader and associated documentation and -materials contain proprietary information of the provider and are and shall -remain the exclusive property of the provider and/or its licensors and all -title, copyright, trade marks, trade names, patents and other intellectual -property rights therein of whatever nature shall remain the sole property of -the provider and/or its licensors. - -10.2 No title to or rights of ownership, copyright or other intellectual -property in the Loader is transferred to the user (other than the licence -rights expressly granted in this Licence Agreement). - - -11 TERMINATION - -11.1 The provider reserves the right to terminate this Licence Agreement -immediately by notice in writing against the user if the user is in breach of -any terms and conditions of this Licence Agreement. - -11.2 Termination of this Licence Agreement for any reason shall be without -prejudice to any other rights or remedies of the provider which may have -arisen on or before the date of termination under this Licence Agreement or in -law. - -11.3 The provisions of the following clauses shall survive any termination of -this agreement; clause 3, 5, 10 and 13. - - -12 GENERAL - -12.1 The provider reserves the right to transfer or assign all or any of its -rights and duties and responsibilities set out in this Licence Agreement to -another party. - -12.2 Headings have been included for convenience only and will not be used in -construing any provision of this Licence Agreement. - -12.3 No delay or failure by the provider to exercise any powers, rights or -remedies under this Licence Agreement will operate as a waiver of them nor -will any single or partial exercise of any such powers, rights or remedies -include any other or further exercise of them. - -12.4 If any part of this Licence Agreement is found by a court of competent -jurisdiction or other competent authority to be invalid, unlawful or -unenforceable then such part shall be severed from the remainder of this -Licence Agreement which will continue to be valid and enforceable to the -fullest extent permitted by applicable law. - -12.5 This Licence Agreement including the documents or other sources referred -to herein supersede all prior representations, understandings and agreements -between the user and the provider relating to the Loader and sets forth the -entire agreement and understanding between the user and the provider relating -to the Loader. - -12.6 Nothing in this Licence Agreement shall be deemed to constitute a -partnership between you and the provider nor constitute either party being an -agent of the other party. - -12.7 This Agreement does not create any rights or benefits enforceable by any -person not a party to it (within the meaning of the U.K.Contracts (Rights of -Third Parties) Act 1999) except that a person who under clause 12.1 is a -permitted successor or assignee of the rights or benefits of the provider may -enforce such rights or benefits. - - -13 GOVERNING LAW AND JURISDICTION - -This License Agreement and any issues relating thereto shall be construed and -interpreted in accordance with the laws of England and subject to the -exclusive jurisdiction of the English courts. - -Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 +LICENCE AGREEMENT FOR THE IONCUBE PHP LOADER, PROVIDED TO ENABLE THE USE +OF IONCUBE ENCODED FILES AND AS PART OF THE IONCUBE24 SERVICE (ioncube24.com) + +YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE +LOADER SOFTWARE. THE INSTALLATION AND/OR USE OR COPYING OF THE IONCUBE PHP +LOADER SOFTWARE INDICATES YOUR ACCEPTANCE OF THIS LICENCE AGREEMENT. IF YOU +DO NOT ACCEPT THE TERMS OF THIS LICENCE AGREEMENT, DO NOT INSTALL, COPY +AND/OR USE THE LOADER SOFTWARE. + +DEFINITIONS + +The following definitions shall apply in this document: + +LOADER shall mean the ionCube PHP Loader software package or collection +of Loaders, including any modifications or upgrades to the software, used for +executing PHP scripts previously encoded with the ionCube PHP Encoder +software to render them non-humanly readable, and any associated +documentation or electronic or online materials relating to the software. + +ENCODER shall mean any ionCube PHP Encoder software or service used for the +purpose of producing non-humanly readable encoded files from PHP scripts. + +ENCODED FILE shall mean a non-humanly readable file produced by the +Encoder and being derived from humanly readable PHP script source. + +PROVIDER shall mean ionCube Ltd. + +USER/YOU shall mean any entity who has downloaded or obtained through any +other means a version of the Loader software. + + +1 LICENSE ENTITLEMENT + +1.1 The Loader is provided without charge. Title to the Loader does not pass +to the user in any circumstances. The Loader is supplied as object code. + +1.2 The provider grants a personal, non-transferable, non-exclusive licence to +use the Loader in accordance with the terms and conditions of this Licence +Agreement. + +1.3 The installation or downloading and use of the Loader entitles the user +to install and use the Loader for its own internal lawful purposes. + + +2 DISTRIBUTION + +2.1 The Loader may be freely distributed to third parties alone or as +part of a distribution containing other items provided that this license +is also included. + +2.2 The Loader may under no circumstances be branded as another product, +whether distributed or not. + +2.3 Distribution as part of a commercial product is permitted provided such +distribution is in accordance with clauses 2.1 and 2.2 with respect to the +Loader. + + +3 ANALYSIS / REVERSE ENGINEERING / MODIFICATION + +Except insofar as the user is permitted to do so in accordance with applicable +law: + +3.1 Any analysis of the Loader and embedded data by any means and by +any entity whether human or otherwise and including but without limitation to +discover details of internal operation, to reverse engineer, to de-compile +object code, or to modify for the purposes of modifying behaviour is +forbidden. + +3.2 Any analysis of encoded files by any means and by any entity whether human +or otherwise and including but without limitation to discover details of file +format or for the purposes of modifying behaviour or scope of their usage is +forbidden. + + +4 WARRANTY + +THE LOADER SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED +WARRANTIES INCLUDING BUT WITHOUT LIMITATION THE IMPLIED WARRANTIES +OF MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE ARE +DISCLAIMED. THE PROVIDER DOES NOT WARRANT THAT THE LOADER IS UNINTERRUPTED +OR ERROR FREE, NOR THAT THE OPERATION OF THE LOADER WILL FUNCTION IN +CONJUNCTION WITH ANY OTHER PRODUCT. + + +5 LIMITATION OF LIABILITY + +5.1 IN NO EVENT WILL THE PROVIDER OF THE LOADER BE LIABLE TO THE USER OR ANY +PARTY FOR ANY DIRECT, INDIRECT, PUNITIVE, SPECIAL, INCIDENTAL OR OTHER +CONSEQUENTIAL DAMAGES ARISING DIRECTLY OR INDIRECTLY FROM THIS LICENCE +AGREEMENT OR ANY USE OF THE LOADER OR ENCODED FILES, EVEN IF THE PROVIDER IS +EXPRESSLY ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +5.2 THE LOADER IS PROVIDED ON AN "AS IS" BASIS. THE PROVIDER EXCLUDES ALL +WARRANTIES, CONDITIONS, TERMS, UNDERTAKINGS AND REPRESENTATIONS (EXCLUDING +FRAUDULENT MISREPRESENTATION) OF ANY KIND, EXPRESS OR IMPLIED, STATUTORY OR +OTHERWISE IN CONNECTION WITH THE LOADER TO THE FULLEST EXTENT PERMITTED BY +LAW. + +5.3 DOWNLOADING THE LOADER IS AT YOUR OWN RISK AND THE PROVIDER DOES NOT +ACCEPT LIABILITY FOR ANY DIRECT OR INDIRECT LOSS OR DAMAGE HOWSOEVER CAUSED AS +A RESULT OF ANY COMPUTER VIRUSES, BUGS, TROJAN HORSES, WORMS, SOFTWARE BOMBS +OR OTHER SIMILAR PROGRAMS ARISING FROM YOUR USE OF THE LOADER. WHILST THE +PROVIDER WILL DO ITS BEST TO ENSURE THAT THE LOADER IS FREE FROM SUCH +DESTRUCTIVE PROGRAMS, IT IS YOUR RESPONSIBILITY TO TAKE REASONABLE PRECAUTIONS +TO SCAN FOR SUCH DESTRUCTIVE PROGRAMS DOWNLOADED FROM THE INTERNET. + +5.4 THE PROVIDER'S MAXIMUM LIABILITY FOR ANY LOSS OR DAMAGE ARISING FROM THIS +LICENCE AGREEMENT SHALL IN ANY EVENT BE LIMITED IN THE SOLE DISCRETION OF THE +PROVIDER TO THE REPLACEMENT OF THE LOADER PRODUCT. + +5.5 DUE TO THE NATURE OF THE INTERNET, THE PROVIDER CANNOT GUARANTEE THAT ANY +E-MAILS OR OTHER ELECTRONIC TRANSMISSIONS WILL BE SENT TO YOU OR RECEIVED BY +THE PROVIDER OR THAT THE CONTENT OF SUCH TRANSMISSIONS WILL BE SECURE DURING +TRANSMISSION. + + +6 BUG FIXING AND PRODUCT SUPPORT + +6.1 The provider will use reasonable endeavours to provide support to users. +The provider will at their discretion only provide support for the latest +release. + +6.2 Support comprises of fault reporting via tickets and fault diagnosis, +recommendations on workarounds, and where reasonably possible a timely +resolution. + +6.3 The user accepts that on occasion the ability of the provider to meet +anticipated or published support schedules may be impaired due to, but without +limitation, Internet service provider failures or software failures that +affect the ability to communicate for an indeterminate period. + +6.4 The provider reserves the right to refuse to provide support at any time. + +6.5 The provider wishes to maintain and offer a product of the highest +possible quality, and accordingly may from time to time and at its discretion +make product changes for the purpose of correcting behaviour in variance to +the published specification or the user's reasonable expectations. + +6.6 The provider reserves the right to charge for support where the user does +not have a valid support plan in place, or where the support offered exceeds +the scope of the active support plan. + + +7 PRODUCT UPGRADES + +7.1 The provider may from time to time release product upgrades. These will +be provided free of charge and attempts made to provide a timely notification +to customers of the existence of any new release. + + +8 ERRORS AND OMISSIONS + +Whilst reasonable endeavours are made to ensure the accuracy of documentation +concerning the details of the Loader, the user accepts the possibility of +inaccuracies in information presented in any format, including email +communications and online services. The provider shall under no circumstances +be liable for any events that arise as a result of unintentional inaccuracies +or omissions. + + +9 USER INDEMNITY + +You agree to fully indemnify, defend and hold the provider harmless +immediately upon demand from and against all actions, liability, claims, +losses, damages, costs and expenses (including legal/attorney fees) incurred +by the provider arising directly or indirectly as a result of your breach of +this Licence Agreement. + + +10 INTELLECTUAL PROPERTY RIGHTS + +10.1 The user acknowledges that the Loader and associated documentation and +materials contain proprietary information of the provider and are and shall +remain the exclusive property of the provider and/or its licensors and all +title, copyright, trade marks, trade names, patents and other intellectual +property rights therein of whatever nature shall remain the sole property of +the provider and/or its licensors. + +10.2 No title to or rights of ownership, copyright or other intellectual +property in the Loader is transferred to the user (other than the licence +rights expressly granted in this Licence Agreement). + + +11 TERMINATION + +11.1 The provider reserves the right to terminate this Licence Agreement +immediately by notice in writing against the user if the user is in breach of +any terms and conditions of this Licence Agreement. + +11.2 Termination of this Licence Agreement for any reason shall be without +prejudice to any other rights or remedies of the provider which may have +arisen on or before the date of termination under this Licence Agreement or in +law. + +11.3 The provisions of the following clauses shall survive any termination of +this agreement; clause 3, 5, 10 and 13. + + +12 GENERAL + +12.1 The provider reserves the right to transfer or assign all or any of its +rights and duties and responsibilities set out in this Licence Agreement to +another party. + +12.2 Headings have been included for convenience only and will not be used in +construing any provision of this Licence Agreement. + +12.3 No delay or failure by the provider to exercise any powers, rights or +remedies under this Licence Agreement will operate as a waiver of them nor +will any single or partial exercise of any such powers, rights or remedies +include any other or further exercise of them. + +12.4 If any part of this Licence Agreement is found by a court of competent +jurisdiction or other competent authority to be invalid, unlawful or +unenforceable then such part shall be severed from the remainder of this +Licence Agreement which will continue to be valid and enforceable to the +fullest extent permitted by applicable law. + +12.5 This Licence Agreement including the documents or other sources referred +to herein supersede all prior representations, understandings and agreements +between the user and the provider relating to the Loader and sets forth the +entire agreement and understanding between the user and the provider relating +to the Loader. + +12.6 Nothing in this Licence Agreement shall be deemed to constitute a +partnership between you and the provider nor constitute either party being an +agent of the other party. + +12.7 This Agreement does not create any rights or benefits enforceable by any +person not a party to it (within the meaning of the U.K.Contracts (Rights of +Third Parties) Act 1999) except that a person who under clause 12.1 is a +permitted successor or assignee of the rights or benefits of the provider may +enforce such rights or benefits. + + +13 GOVERNING LAW AND JURISDICTION + +This License Agreement and any issues relating thereto shall be construed and +interpreted in accordance with the laws of England and subject to the +exclusive jurisdiction of the English courts. + +Copyright (c) 2002-2017 ionCube Ltd. Last revised 23-April-2015 diff --git a/src/deb/latest.txt b/src/deb/latest.txt index dcb1761c..93fae7fa 100644 --- a/src/deb/latest.txt +++ b/src/deb/latest.txt @@ -1 +1 @@ -vesta-0.9.9-0-13 \ No newline at end of file +vesta-0.9.9-0-5 diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index 186f54d5..e53fee72 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -21,141 +21,9 @@ if [ ! -d "/usr/local/vesta/data/upgrades" ]; then mkdir -p /usr/local/vesta/data/upgrades fi -VESTA="/usr/local/vesta" - # show changelog after update -echo "1" > /usr/local/vesta/data/upgrades/show_changelog -chmod a=rw /usr/local/vesta/data/upgrades/show_changelog - -# SSL fix for Apache 2.4.65+ -if [ ! -f "/usr/local/vesta/data/upgrades/fixssl.conf" ]; then - if [ "$release" -ge 11 ]; then - if [ -f "/etc/apache2/apache2.conf" ] && [ -f "/etc/nginx/nginx.conf" ] && [ ! -f "/etc/nginx/conf.d/fixssl.conf" ]; then - echo "== Fixing SSL for Apache 2.4.65+" - echo -e "proxy_ssl_server_name on;\nproxy_ssl_name \$host;\nproxy_ssl_session_reuse off;" > /etc/nginx/conf.d/fixssl.conf - touch /usr/local/vesta/data/upgrades/fixssl.conf - nginx_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'nginx' | grep -c 'running') - if [ $nginx_running -eq 1 ]; then - echo "== Restarting Nginx" - systemctl restart nginx - fi - fi - fi -fi - -# Adding cron job for disk usage snapshot -if [ ! -f "/usr/local/vesta/data/upgrades/v-df-snapshot-make" ]; then - if ! grep -q "v-df-snapshot-make" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot" - command="sudo $VESTA/bin/v-df-snapshot-make" - $VESTA/bin/v-add-cron-job 'admin' '05' '04' '*' '*' '*' "$command" - touch /usr/local/vesta/data/upgrades/v-df-snapshot-make - systemctl restart cron.service - fi - if ! grep -q "v-df-snapshot-logs-cleaner" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Adding cron job for disk usage snapshot logs cleaner" - command="sudo $VESTA/bin/v-df-snapshot-logs-cleaner" - $VESTA/bin/v-add-cron-job 'admin' '10' '04' '*' '*' '*' "$command" - touch /usr/local/vesta/data/upgrades/v-df-snapshot-make - systemctl restart cron.service - fi -fi - -# Fixing PHP and .env permissions and ownership for all websites -if [ ! -f "/usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php" ]; then - # Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" - if grep -q "fix-website-permissions-for-all-websites" /usr/local/vesta/data/users/admin/cron.conf; then - if ! grep -q "fix-website-permissions-for-all-websites-only-php" /usr/local/vesta/data/users/admin/cron.conf; then - echo "== Renaming fix-website-permissions-for-all-websites to fix-website-permissions-for-all-websites-only-php" - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites > /dev/null 2>&1|v-fix-website-permissions-for-all-websites-only-php|' /var/spool/cron/crontabs/admin - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /usr/local/vesta/data/users/admin/cron.conf - sed -i 's|v-fix-website-permissions-for-all-websites |v-fix-website-permissions-for-all-websites-only-php |' /var/spool/cron/crontabs/admin - systemctl restart cron.service - fi - fi - echo "== Fixing PHP and .env permissions and ownership for all websites" - command="sudo $VESTA/bin/v-fix-website-permissions-for-all-websites-only-php" - $VESTA/bin/v-add-cron-job 'admin' '05' '03' '*' '*' '*' "$command" - touch /usr/local/vesta/data/upgrades/fix-website-permissions-for-all-websites-only-php - systemctl restart cron.service -fi - -if ! grep -q "FILEMANAGER_KEY='FREEFM'" /usr/local/vesta/conf/vesta.conf; then - echo "== Adding FileManager license to vesta.conf" - echo "FILEMANAGER_KEY='FREEFM'" >> /usr/local/vesta/conf/vesta.conf -fi - -if [ -f "/root/.bash_profile" ]; then - if ! grep -q "v-cd-www" /root/.bash_profile; then - echo "== Adding v-cd-www alias to root bash profile" - echo "alias v-cd-www='source /usr/local/vesta/bin/v-change-dir-www'" >> /root/.bash_profile - fi -fi - -# Adding myVesta rules to SpamAssassin -if [ -d "/etc/spamassassin" ]; then - spamassassin_modified=0 - if [ ! -f "/etc/spamassassin/myvesta.cf" ]; then - touch /etc/spamassassin/myvesta.cf - fi - if ! grep -q 'RCVD_IN_RP_SAFE' /etc/spamassassin/myvesta.cf; then - echo "== Adding RCVD_IN_RP_ myVesta rules to SpamAssassin" - echo 'score RCVD_IN_RP_SAFE 0' >> /etc/spamassassin/myvesta.cf - echo 'score RCVD_IN_RP_CERTIFIED 0' >> /etc/spamassassin/myvesta.cf - spamassassin_modified=1 - fi - if ! grep -q 'SPF_FAIL' /etc/spamassassin/myvesta.cf; then - echo "== Adding SPF_FAIL myVesta rules to SpamAssassin" - cat <> /etc/spamassassin/myvesta.cf -score SPF_FAIL 3.0 -score SPF_SOFTFAIL 4.0 -score SPF_NONE 4.0 -EOF - spamassassin_modified=1 - fi - - if [ $spamassassin_modified -eq 1 ]; then - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') - if [ $spamassassin_running -eq 1 ]; then - echo "== Restarting SpamAssassin" - if [ "$release" -lt 12 ]; then - systemctl restart spamassassin.service - else - systemctl restart spamd.service - fi - fi - fi -fi - -# Adding ProFTPD to Fail2Ban -if [ -f "/etc/fail2ban/jail.local" ] && [ -f "/etc/proftpd/proftpd.conf" ]; then - if ! grep -q 'proftpd' /etc/fail2ban/jail.local; then - echo "== Adding ProFTPD to Fail2Ban" - cat <> /etc/fail2ban/jail.local - -[proftpd] -enabled = true -filter = proftpd -action = vesta[name=FTP] -port = ftp,ftp-data,ftps,ftps-data -logpath = %(proftpd_log)s -backend = %(proftpd_backend)s -maxretry = 5 -EOF - fail2ban_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'fail2ban' | grep -c 'running') - if [ $fail2ban_running -eq 1 ]; then - echo "== Restarting Fail2Ban" - systemctl restart fail2ban - fi - fi -fi - -# Removing SpamHaus DNSBL -if [ ! -f "/usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed" ]; then - sed -i '/zen.spamhaus.org/d' /etc/exim4/dnsbl.conf - touch /usr/local/vesta/data/upgrades/spamhaus_dnsbl_removed -fi +# echo "1" > /usr/local/vesta/data/upgrades/show_changelog +# chmod a=rw /usr/local/vesta/data/upgrades/show_changelog # Fixing 'dh key too small' in dovecot if [ -f "/var/log/dovecot.log.1" ] && [ -f "/etc/dovecot/conf.d/10-ssl.conf" ] && [ -f "/usr/share/dovecot/dh.pem" ]; then @@ -225,18 +93,14 @@ fi # Adding Barracuda RBL to SpamAssassin if [ ! -f "/usr/local/vesta/data/upgrades/barracuda_rbl" ]; then spamassassin_installed=$(/usr/local/vesta/bin/v-list-sys-services | grep -c 'spamassassin') - spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin\|spamd' | grep -c 'running') + spamassassin_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'spamassassin' | grep -c 'running') if [ $spamassassin_installed -eq 1 ]; then echo "== Adding Barracuda RBL to SpamAssassin" wget -nv -O /etc/spamassassin/barracuda.cf http://c.myvestacp.com/tools/spamassassin/barracuda.cf fi if [ $spamassassin_running -eq 1 ]; then echo "== Restarting SpamAssassin" - if [ "$release" -lt 12 ]; then - systemctl restart spamassassin.service - else - systemctl restart spamd.service - fi + systemctl restart spamassassin fi touch /usr/local/vesta/data/upgrades/barracuda_rbl fi @@ -293,11 +157,7 @@ if [ ! -f "/usr/local/vesta/data/upgrades/enable-tls-in-proftpd" ]; then echo "== Enabling TLS for ProFTPD FTPS" wget -nv https://c.myvestacp.com/debian/10/proftpd/tls.conf -O /etc/proftpd/tls.conf sed -i "s|AuthPAMConfig|Include /etc/proftpd/tls.conf\n\nAuthPAMConfig|g" /etc/proftpd/proftpd.conf - proftpd_running=$(/usr/local/vesta/bin/v-list-sys-services | grep 'proftpd' | grep -c 'running') - if [ $proftpd_running -eq 1 ]; then - echo "== Restarting ProFTPD" - systemctl restart proftpd - fi + systemctl restart proftpd fi fi fi diff --git a/src/deb/vesta_compile.sh b/src/deb/vesta_compile.sh index 2d0e4874..a80316d9 100644 --- a/src/deb/vesta_compile.sh +++ b/src/deb/vesta_compile.sh @@ -7,8 +7,8 @@ build_deb_package=1 add_deb_to_apt_repo=0 -TARGET_DEB_NAME='trixie' -TARGET_DEB_VER='13' +TARGET_DEB_NAME='bookworm' +TARGET_DEB_VER='12' run_apt_update_and_install=1 wait_to_press_enter=1 @@ -31,8 +31,8 @@ fi MAINTAINER_EMAIL='info@myvestacp.com' -TARGET_DEB_NAME_MAIN='trixie' -TARGET_DEB_VER_MAIN='13' +TARGET_DEB_NAME_MAIN='bookworm' +TARGET_DEB_VER_MAIN='12' # Set compiling directory BUILD_DIR="/usr/src/$TARGET_DEB_NAME" @@ -58,12 +58,11 @@ BUILD_DATE=$(date +"%d-%b-%Y") # Set Version for compiling VESTA_V=$VESTA_VER"_amd64" - -NGINX_V='1.29.1' -PHP_V='8.4.11' -OPENSSL_V='1.1.1w' +NGINX_V='1.25.1' +OPENSSL_V='1.1.1u' PCRE_V='8.45' -ZLIB_V='1.3.1' +ZLIB_V='1.2.13' +PHP_V='5.6.40' # Generate Links for sourcecode NGINX='https://nginx.org/download/nginx-'$NGINX_V'.tar.gz' @@ -74,7 +73,7 @@ OPENSSL='https://www.openssl.org/source/openssl-'$OPENSSL_V'.tar.gz' PCRE='https://sourceforge.net/projects/pcre/files/pcre/'$PCRE_V'/pcre-'$PCRE_V'.tar.gz/download' # Zlib moved archives to Github ZLIB='https://github.com/madler/zlib/archive/refs/tags/v'$ZLIB_V'.tar.gz' -PHP='https://www.php.net/distributions/php-'$PHP_V'.tar.gz' +PHP='http://de2.php.net/distributions/php-'$PHP_V'.tar.gz' # Set package dependencies for compiling release=$(cat /etc/debian_version | tr "." "\n" | head -n1) @@ -82,7 +81,7 @@ release=$(cat /etc/debian_version | tr "." "\n" | head -n1) if [ "$release" -lt 12 ]; then SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro dpkg-sig git rsync' else - SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync libsqlite3-dev libonig-dev' + SOFTWARE='build-essential libxml2-dev libz-dev libcurl4-gnutls-dev unzip openssl libssl-dev pkg-config reprepro git rsync' fi function press_enter { @@ -131,9 +130,6 @@ if [ $run_apt_update_and_install -eq 1 ]; then if [ ! -e /usr/local/include/curl ] && [ "$release" -lt 12 ]; then ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl fi - if [ ! -e /usr/local/include/curl ] && [ "$release" -eq 13 ]; then - ln -s /usr/include/x86_64-linux-gnu/curl /usr/local/include/curl - fi press_enter "=== Press enter to continue ===============================================================================" fi @@ -262,7 +258,6 @@ EOF press_enter "*** please copy above generated key to your clipboard and then paste it after pressing enter now ***" vi $PATH_OF_APT_REPO_ROOT/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/deb_signing.key - cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/13/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/12/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/11/deb_signing.key cp $PATH_OF_APT_REPO_ROOT/deb_signing.key $PATH_OF_C_WEB_FOLDER_ROOT/debian/10/deb_signing.key @@ -453,34 +448,6 @@ if [ "$CWEB_B" = true ]; then tar -czf dovecot.tar.gz dovecot/ echo "=== All done for Debian12" ########## - cd $PATH_OF_C_WEB_FOLDER_ROOT/debian/13 - - if [ -f "packages.tar.gz" ]; then - rm packages.tar.gz - fi - tar -czf packages.tar.gz packages/ - - if [ -f "templates.tar.gz" ]; then - rm templates.tar.gz - fi - tar -czf templates.tar.gz templates/ - - if [ -f "firewall.tar.gz" ]; then - rm firewall.tar.gz - fi - tar -czf firewall.tar.gz firewall/ - - if [ -f "fail2ban.tar.gz" ]; then - rm fail2ban.tar.gz - fi - tar -czf fail2ban.tar.gz fail2ban/ - - if [ -f "dovecot.tar.gz" ]; then - rm dovecot.tar.gz - fi - tar -czf dovecot.tar.gz dovecot/ - echo "=== All done for Debian13" - ########## cp /root/vesta/install/vst-install-debian.sh $PATH_OF_C_WEB_FOLDER_ROOT/vst-install-debian.sh @@ -531,7 +498,7 @@ if [ "$NGINX_B" = true ]; then --with-openssl-opt=no-weak-ssl-ciphers \ --with-openssl-opt=no-ssl3 \ --with-pcre=../pcre-$PCRE_V \ - --with-pcre-jit \ + --with-pcre-jit \ --with-zlib=../zlib-$ZLIB_V # Check install directory and remove if exists @@ -626,10 +593,11 @@ if [ "$PHP_B" = true ]; then --with-zlib \ --with-fpm-user=admin \ --with-fpm-group=admin \ + --with-mysql \ --with-mysqli \ --with-curl \ --enable-mbstring \ - --with-mysql-sock=/var/run/mysqld/mysqld.sock + --with-mysql-sock=/var/run/mysqld/mysqld.sock # Check install directory and remove if exists if [ -d $INSTALL_DIR/php ]; then @@ -637,7 +605,7 @@ if [ "$PHP_B" = true ]; then fi press_enter "=== Press enter to compile PHP ===============================================================================" - + make && make install press_enter "=== Press enter to continue ===============================================================================" diff --git a/web/add/dns/index.php b/web/add/dns/index.php index b9e47abe..7c18faab 100644 --- a/web/add/dns/index.php +++ b/web/add/dns/index.php @@ -80,7 +80,7 @@ if (!empty($_POST['ok'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = __('DNS_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); unset($v_domain); } } @@ -128,7 +128,7 @@ if (!empty($_POST['ok_rec'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST['v_rec']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = __('DNS_RECORD_CREATED_OK',htmlentities($_POST[v_rec]),htmlentities($_POST[v_domain])); unset($v_domain); unset($v_rec); unset($v_val); diff --git a/web/add/mail/index.php b/web/add/mail/index.php index 6a8b6e9f..c761139c 100644 --- a/web/add/mail/index.php +++ b/web/add/mail/index.php @@ -186,7 +186,7 @@ if (!empty($_POST['ok_acc'])) { // Flush field values on success if (empty($_SESSION['error_msg'])) { - $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain']),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = __('MAIL_ACCOUNT_CREATED_OK',htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain]),htmlentities(strtolower($_POST['v_account'])),htmlentities($_POST[v_domain])); $_SESSION['ok_msg'] .= " / " . __('open webmail') . ""; unset($v_account); unset($v_password); diff --git a/web/add/web/index.php b/web/add/web/index.php index e11cff23..d77b8f40 100644 --- a/web/add/web/index.php +++ b/web/add/web/index.php @@ -323,7 +323,7 @@ if (!empty($_POST['ok'])) { } if (!empty($_SESSION['error_msg']) && $domain_added) { - $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST['v_domain']),htmlentities($_POST['v_domain'])); + $_SESSION['ok_msg'] = __('WEB_DOMAIN_CREATED_OK',htmlentities($_POST[v_domain]),htmlentities($_POST[v_domain])); $_SESSION['flash_error_msg'] = $_SESSION['error_msg']; $url = '/edit/web/?domain='.strtolower(preg_replace("/^www\./i", "", $_POST['v_domain'])); header('Location: ' . $url); diff --git a/web/css/styles.min.css b/web/css/styles.min.css index d84a6a85..374b458c 100644 --- a/web/css/styles.min.css +++ b/web/css/styles.min.css @@ -4236,29 +4236,3 @@ div.ui-dialog + div div{ padding: 5px 10px !important; border-radius: 13px; } - -.get-ip-info-btn { - cursor: pointer; - margin-left: 10px; -} -.get-ip-info-btn:hover { - color: #000000; -} -.get-ip-info-btn + .get-ip-info-result { - margin: 10px 0; -} -.get-ip-info-btn + .get-ip-info-result dl dt { - font-weight: bold; -} -.get-ip-info-btn + .get-ip-info-result dl dd { - margin: 0 0 10px 0; -} -.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-triangle { - color: red; -} -.get-ip-info-btn + .get-ip-info-result dl .fa-check-circle { - color: green; -} -.get-ip-info-btn + .get-ip-info-result dl .fa-exclamation-circle { - color: orange; -} diff --git a/web/edit/server/index.php b/web/edit/server/index.php index eed4baab..49c577d8 100644 --- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -339,8 +339,7 @@ if (!empty($_POST['save'])) { $v_backup_username = escapeshellarg($_POST['v_backup_username']); $v_backup_password = escapeshellarg($_POST['v_backup_password']); $v_backup_bpath = escapeshellarg($_POST['v_backup_bpath']); - $v_backup_port = escapeshellarg($_POST['v_backup_port']); - exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath." ".$v_backup_port, $output, $return_var); + exec (VESTA_CMD."v-add-backup-host ".$v_backup_type." ".$v_backup_host ." ".$v_backup_username." ".$v_backup_password." ".$v_backup_bpath, $output, $return_var); check_return_code($return_var,$output); unset($output); if (empty($_SESSION['error_msg'])) $v_backup_host = $_POST['v_backup_host']; @@ -348,12 +347,12 @@ if (!empty($_POST['save'])) { if (empty($_SESSION['error_msg'])) $v_backup_username = $_POST['v_backup_username']; if (empty($_SESSION['error_msg'])) $v_backup_password = $_POST['v_backup_password']; if (empty($_SESSION['error_msg'])) $v_backup_bpath = $_POST['v_backup_bpath']; - if (empty($_SESSION['error_msg'])) $v_backup_port = $_POST['v_backup_port']; $v_backup_new = 'yes'; $v_backup_adv = 'yes'; $v_backup_remote_adv = 'yes'; } } + // Change remote backup host type if (empty($_SESSION['error_msg'])) { if ((!empty($_POST['v_backup_host'])) && ($_POST['v_backup_type'] != $v_backup_type)) { diff --git a/web/inc/i18n/en.php b/web/inc/i18n/en.php index 09ae210f..39c3bfff 100644 --- a/web/inc/i18n/en.php +++ b/web/inc/i18n/en.php @@ -377,7 +377,6 @@ $LANG['en'] = array( 'ErrorLog' => 'ErrorLog', 'Download AccessLog' => 'Download AccessLog', 'Download ErrorLog' => 'Download ErrorLog', - 'Continent' => 'Continent', 'Country' => 'Country', '2 letter code' => '2 letter code', 'State / Province' => 'State / Province', diff --git a/web/inc/main.php b/web/inc/main.php index f13e4142..26df863e 100644 --- a/web/inc/main.php +++ b/web/inc/main.php @@ -38,13 +38,8 @@ if(!isset($_SESSION['user_combined_ip'])){ $_SESSION['user_combined_ip'] = $user_combined_ip; } -$SKIP_IP_CHECK = false; -if (isset($_SESSION['DISABLE_IP_CHECK']) && $_SESSION['DISABLE_IP_CHECK'] == 'yes') { - $SKIP_IP_CHECK = true; -} - // Checking user to use session from the same IP he has been logged in -if ($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1' && $SKIP_IP_CHECK==false) { +if($_SESSION['user_combined_ip'] != $user_combined_ip && $_SERVER['REMOTE_ADDR'] != '127.0.0.1'){ session_destroy(); session_start(); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php index d21a4322..3dcdb0ae 100644 --- a/web/inc/secure_login.php +++ b/web/inc/secure_login.php @@ -59,7 +59,7 @@ function prevent_post_csrf ($hard_check=false) { if (isset($_SERVER['HTTP_ORIGIN']) == false) return; } else { if (isset($_SERVER['HTTP_HOST']) == false) $_SERVER['HTTP_HOST'] = ''; - if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['SERVER_PORT'] = ''; + if (isset($_SERVER['SERVER_PORT']) == false) $_SERVER['HTTP_PORT'] = ''; if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = ''; } $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']); diff --git a/web/js/app.js b/web/js/app.js index 978b7d09..9ba909a5 100644 --- a/web/js/app.js +++ b/web/js/app.js @@ -1072,42 +1072,3 @@ function elementHideShow(elementToHideOrShow){ el.style.display = el.style.display === 'none' ? 'block' : 'none'; } -(function($) { - $(document).ready(function() { - $('.get-ip-info-btn').click(function() { - var token = $('#token').attr('token'); - var index = $(this).attr('data-index'); - var btn_el = $('.get-ip-info-btn[data-index="' + index + '"]'); - var result_el = $('.get-ip-info-btn[data-index="' + index + '"] + .get-ip-info-result'); - var ip = btn_el.attr('data-ip'); - - var url_params = new URLSearchParams(window.location.search); - var clear_cache = url_params.get('clear_cache'); - - if (!$.trim(result_el.html())) { - result_el.html(''); - - $.ajax({ - method: "POST", - url: "/list/firewall/banlist/ip_info.php", - data: { ip: ip, clear_cache: clear_cache, token: token }, - cache: false, - error: function(jqXHR, textStatus, errorThrown) { - result_el.html('GENERAL ERROR
' + errorThrown); - }, - success: function(result_data) { - if (btn_el.find('i').hasClass('fa-times')) { - result_el.html(result_data); - } - } - }); - - btn_el.find('i').removeClass('fa-search').addClass('fa-times'); - } - else { - result_el.html(''); - btn_el.find('i').removeClass('fa-times').addClass('fa-search'); - } - }); - }); -})(jQuery); diff --git a/web/list/firewall/banlist/ip_info.php b/web/list/firewall/banlist/ip_info.php deleted file mode 100644 index e7888a75..00000000 --- a/web/list/firewall/banlist/ip_info.php +++ /dev/null @@ -1,164 +0,0 @@ - 'http://lists.blocklist.de/lists/all.txt', - 'BFB' => 'http://danger.rulez.sk/projects/bruteforceblocker/blist.php', - 'CIARMY' => 'http://www.ciarmy.com/list/ci-badguys.txt', - 'GREENSNOW' => 'https://blocklist.greensnow.co/greensnow.txt', - 'SPAMDROP' => 'https://www.spamhaus.org/drop/drop.txt', - 'SPAMEDROP' => 'https://www.spamhaus.org/drop/edrop.txt', - 'TOR' => 'https://check.torproject.org/cgi-bin/TorBulkExitList.py', - ]; - $today = date('Y-m-d'); - - foreach ($lists as $code => $url) { - $cache_tag = 'ip-blacklist-' . $code . '-cache'; - - // init cache - if (!isset($_SESSION[$cache_tag])) $_SESSION[$cache_tag] = ['updated' => '', 'items' => [], 'http_code' => '']; - - // invalidate cache if clear_cache parameter is 1 - if (!empty($_REQUEST['clear_cache']) && $_REQUEST['clear_cache'] == 1) $_SESSION[$cache_tag]['updated'] = '2000-01-01'; - - // if cache is not updated, fetch new data and save to cache - if (strtotime($today) > strtotime($_SESSION[$cache_tag]['updated'])) { - $new_cache_data = fetchURL($url, $url_result); - if ($url_result['http_code'] == '200') $new_cache_items = parseCacheEntries($new_cache_data); - $_SESSION[$cache_tag] = ['updated' => $today, 'items' => $new_cache_items, 'http_code' => $url_result['http_code']]; - } - - // check ip - $matched_ips = array_filter($_SESSION[$cache_tag]['items'], function ($item) use ($ip) { - if (str_contains($item, '/')) return cidrMatch($ip, $item); - if ($ip == $item) return true; - return false; - }); - - $check_results[$code]['found'] = count($matched_ips) > 0 ? true : false; - $check_results[$code]['updated'] = $_SESSION[$cache_tag]['updated']; - $check_results[$code]['http_code'] = $_SESSION[$cache_tag]['http_code']; - } - - return $check_results; -} - -// Check token -if ((!isset($_REQUEST['token'])) || ($_SESSION['token'] != $_REQUEST['token'])) { - die("Wrong token"); -} - -$ip = $_REQUEST['ip']; - -// Validate IP format -if (filter_var($ip, FILTER_VALIDATE_IP) === false) { - die('GENERAL ERROR
BAD_IP_FORMAT'); -} - -// Query host -$host = gethostbyaddr($ip); - -// Query blocklists -$result_blocklists = ''; -$ip_check = checkIP($ip); -if ($ip_check) { - foreach ($ip_check as $list_code => $list_results) { - $result_blocklists .= '
'; - $result_blocklists .= $list_results['found'] ? '' : ''; - $result_blocklists .= ' '.$list_code.' '; - $result_blocklists .= $list_results['http_code'] == '200' ? '' : ''; - $result_blocklists .= '
'; - } -} - -// Query location -$url = 'https://api.db-ip.com/v2/free/'.$ip; -$result = fetchURL($url); -$result_array = json_decode($result, true); -if (!is_array($result_array)) { - die('GENERAL ERROR
BAD_JSON'); -} -if (!empty($result_array['errorCode'])) { - die('GENERAL ERROR
'.$result_array['errorCode']); -} - -// Output -echo " -
-
".__('Host')."
-
".$host."
-
".__('Banlist')."
-
".$result_blocklists."
-
".__('Continent')."
-
".$result_array['continentName']." [".$result_array['continentCode']."]
-
".__('Country')."
-
".$result_array['countryName']." [".$result_array['countryCode']."]
-
".__('State / Province')."
-
".$result_array['stateProv']." [".$result_array['stateProvCode']."]
-
".__('City / Locality')."
-
".$result_array['city']."
-
-"; diff --git a/web/list/user/index.php b/web/list/user/index.php index 4e5ac369..da708edc 100644 --- a/web/list/user/index.php +++ b/web/list/user/index.php @@ -22,7 +22,7 @@ if ($user == 'admin') { if ($show_changelog_value_int==1) { $changelog=''; $changelog_arr=file("/usr/local/vesta/Changelog.md"); - for ($i=0; $i<100; $i++) { + for ($i=0; $i<30; $i++) { if (trim($changelog_arr[$i])=="") break; if ($i>1) $changelog.="\n"; $changelog.=$changelog_arr[$i]; diff --git a/web/login/index.php b/web/login/index.php index 5de05451..18841344 100644 --- a/web/login/index.php +++ b/web/login/index.php @@ -1,7 +1,5 @@
- - - - - - - - "> -

- - diff --git a/web/templates/admin/list_firewall_banlist.html b/web/templates/admin/list_firewall_banlist.html index 3bc8ccb2..72153940 100644 --- a/web/templates/admin/list_firewall_banlist.html +++ b/web/templates/admin/list_firewall_banlist.html @@ -80,7 +80,7 @@
 
-
+
diff --git a/web/templates/file_manager/main.php b/web/templates/file_manager/main.php index dd9095f7..2e82f811 100644 --- a/web/templates/file_manager/main.php +++ b/web/templates/file_manager/main.php @@ -19,7 +19,6 @@ -
©
diff --git a/web/templates/header.html b/web/templates/header.html index 37905032..7f317f94 100644 --- a/web/templates/header.html +++ b/web/templates/header.html @@ -4,7 +4,7 @@ myVesta - <?=__($TAB)?> - + diff --git a/web/upload/UploadHandler.php b/web/upload/UploadHandler.php index ce8863bb..48f40b23 100755 --- a/web/upload/UploadHandler.php +++ b/web/upload/UploadHandler.php @@ -1096,7 +1096,7 @@ class UploadHandler } if (count($failed_versions)) { $file->error = $this->get_error_message('image_resize') - .' ('.implode(', ', $failed_versions).')'; + .' ('.implode($failed_versions,', ').')'; } // Free memory: $this->destroy_image_object($file_path);